MS IIS/PWS Escaped Characters Decoding Command Execution Vulnerability
We have conflicting reports regarding whether installing Windows 2000 SP2 after the patch (Q293826_W2K_SP3_x86_en) for this issue has been applied will re-expose this vulnerability. Although Microsoft has not confirmed the re-exposure of this issue, administrators should consider re-applying the patch.
Microsoft has released a patch that recitifies this issue.
Adriano Maia <firstname.lastname@example.org> has provided a vulnerability check tool, which is available for download in the reference section.
Microsoft IIS 4.0
Microsoft IIS 5.0