GEN:SID 1:1970
Message WEB-IIS MDAC Content-Type overflow attempt
Summary This event is generated when an attempt is made to exploit a buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC).  
Impact Remote Access.  If the exploit is successful, an attacker can gain remote access to the host.
Detailed Information MDAC is a set of components that facilitates database access on Windows platforms.  The RDS component provides remote access to a database through Internet Information Services (IIS).  A vulnerability exists because of incorrect string handling with the RDS interface allowing an attacker to send a malformed HTTP request that overruns onto the heap.  This may allow execution of arbitrary code on the system.
Affected Systems Windows hosts running MDAC 2.1, 2.5, 2.6
Attack Scenarios An attacker can send a malformed HTTP request that is improperly validated by RDS, subsequently causing a buffer overflow.
Ease of Attack Difficult.  According to the Microsoft bulletin, a heap is more difficult to exploit than a stack overflow.
Corrective Action Apply security hotfix for Q329414.

Additional References CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1142

Foundstone
http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337

Microsoft
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q329414
Rule References bugtraq: 6214
cve: 2002-1142
url: referenceurl,http//www.microsoft.com/technet/security/bulletin/MS98-004.mspx
url: www.foundstone.com/knowledge/randd-advisories-display.html?id=337