Atstake Security Advisory A041002 - IIS for Windows NT 4.0 and 2000 contains a heap overflow in .htr files which results in remote code execution in the IUSR_machine security context. This vulnerability has been verified on IIS 4.0 and 5.0 with SP2 and the latest security patches as of April 1, 2002.
d3c9eff0c4dcc24c4baf63a87290f4596e2768d47502b4211ec6c148b401ddca