eEye Digital Security issued a
today warning that all servers running Microsoft Windows 2000 and Microsoft IIS 5.0 can be remotely compromised, giving system-level access. As
says, "It would give the attacker complete control of the server. She could load and execute any program she chose on the machine," etc. eEye has kindly not made its exploit public and waited for Microsoft to issue its patch before making the announcement.
May 1, 2001