Microsoft Internet Information Server (IIS) 4.0 includes the ability to remotely administer user passwords via a web browser. IIS is a popular web server application for Windows NT, and comprises the majority of Windows NT based web servers. On June 16th it was reported to several security mailing lists that excessively long requests for .HTR files will overflow an internal buffer and allow the remote execution of arbitrary code.
983a0ddb6b84b81145772c4a7baa82865c68b4a799f0f89e1a25a3e833248dfa