GEN:SID 1:1595
Message WEB-IIS htimage.exe access
Summary This event is generated when an attempt is made to exploit a buffer overflow vulnerability associated with FrontPage Server Extension software.
Impact Remote access.  This attack may permit exeuction of arbitrary commands on the vulnerable server.
Detailed Information Microsoft FrontPage 97 and 98 Server Extensions are shipped with htimage.exe and imagemap.exe files that provide image-mapping support on the server for legacy browsers.  There is a vulnerability associated with the htimage.exe file because of unchecked buffers that may permit execution of arbitrary code on the vulnerable server.
Affected Systems Microsoft Exchange Server 5.5 and Microsoft Exchange Server 5.5 SP1, SP2, SP3, SP4
Attack Scenarios An attacker can craft a special URL referencing the htimage.exe file that causes a buffer overflow, allowing execution of arbitrary commands on the vulnerable server.
Ease of Attack Simple.  
Corrective Action Remove the htimage.exe and imagemap.exe files from the server.
Additional References nessus
http://cgi.nessus.org/plugins/dump.php3?id=10376

CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0256
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0122

Bugtraq
http://www.securityfocus.com/bid/1117
Rule References bugtraq: 1117
bugtraq: 964
cve: 2000-0122
cve: 2000-0256
nessus: 10376