GEN:SID 1:989
Message BACKDOOR sensepost.exe command shell attempt
Summary This event is generated when an attempt is made to access the sensepost.exe file.
Impact Remote access. This attack may permit the execution of arbitrary commands on the vulnerable server.
Detailed Information A vulnerability associated Microsoft Internet Information Services (IIS) servers allows an attacker to escape the web root directory (inetpub) permitting navigation to unauthorized directories.  This vulnerability is exploitable by encoding characters in unicode because unauthorized directory traversal is not examined after the unicode decoding.  A widely available script exploits this vulnerability and copies the \winnt\system32\cmd.exe file to \inetpub\scripts\sensepost.exe, essentially allowing an attacker to execute arbitrary commands on the vulnerable host even after the patch has been applied.
Affected Systems Microsoft IIS 4.0, 5.0
Attack Scenarios An attacker can attempt to access the sensepost.exe file to execute arbitrary commands on the exploited server.
Ease of Attack Simple.
Corrective Action Apply the patch referenced in the Microsoft link.
Additional References CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884

Bugtraq
http://www.securityfocus.com/bid/1806

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms00-078.asp
Rule References nessus: 11003