GEN:SID 1:971
Message WEB-IIS ISAPI .printer access
Summary This event is generated when an attempt is made to compromise a web
server running IIS 5.0 by exploiting the ".printer" bug.
Impact Serious. Remote unauthorized administrative access.
Detailed Information With the increasing pervasion of the Internet, vendors are adding
features into their software to support the networked world.  
Microsoft's initial implementation of one such feature were the
".printer" extensions on IIS 5.0 that first shipped with Windows 2000.

A bug exsisted in the initial release that could result in remote system
level access to the web server.  A patch has been released that fixes
this bug.
Affected Systems  
Attack Scenarios A hacker could use this vulnerability to get a remote, system level
command prompt on the server.
Ease of Attack Simple. Exploit software exists.
Corrective Action Install latest patches from the vendor, or disable the ".printer" extensions using the IIS administration tool.
Additional References Vendor Security Bulletin: MS01-023
Bugtraq Archive: url,http://www.securityfocus.com/archive/1/181937
Rule References arachnids: 533
bugtraq: 2674
cve: 2001-0241
nessus: 10661