GEN:SID 1:979
Message WEB-IIS ASP contents view
Summary This event is generated when an attempt is made to exploit a cross-site scripting vulnerability associated with a file having a .htw extension.
Impact Cross-site scripting.  This attack may allow the execution of arbitrary commands on a victim host that visits a vulnerable server.
Detailed Information The Microsoft Indexing Service is vulnerable to a cross-site scripting exploit because of a failure to properly filter user input associated with files with a .htw extension.  This vulnerability is associated with Indexing Service component (CiWebHitsFile). This may allow an attacker to execute abitrary code on the victim host that visits the vulnerable server.
Affected Systems Microsoft Indexing Services for Windows NT 4.0 and Windows 2000

Attack Scenarios An attacker can inject malicious code in a vulernable server.  This may allow execution of arbitrary code on the victim host that visits the vulnerable server.
Ease of Attack Simple.
Corrective Action Apply the patch discussed in the referenced Microsoft Bulletin.

Additional References Bugtraq
http://www.securityfocus.com/bid/1861

CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0942

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms00-084.asp
Rule References cve: 2000-0942
bugtraq: 1861
url: www.microsoft.com/technet/security/bulletin/MS00-006.mspx