GEN:SID 1:976
Message WEB-IIS .bat? access
Summary This event is generated when an attempt is made to reference a .bat file to execute arbitrary commands on an Internet Information Services (IIS) server.
Impact Remote access.  This attack can execute arbitrary commands on the IIS server with the privileges of the user running IIS.
Detailed Information Microsoft Internet Information Service (IIS) uses .bat and .cmd to execute code using the Common Gateway Interface (CGI).  A .bat file or .cmd file can be passed a malicious command to be executed on the server.  This is accomplished by preceding the malicious command with an ampersand.  This allows execution of arbitrary commands with the privileges of the user running IIS.
Affected Systems Hosts running IIS 1.0
Attack Scenarios An attacker can pass a .bat or .cmd file a malicious command to be executed.
Ease of Attack Simple.
Corrective Action Upgrade to a more current version of IIS.
Additional References Microsoft
http://support.microsoft.com/support/kb/articles/Q148/1/88.asp
http://support.microsoft.com/support/kb/articles/Q155/0/56.asp

CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0233

Bugtraq
http://www.securityfocus.com/bid/2023

Nessus
http://cgi.nessus.org/plugins/dump.php3?id=10362
Rule References bugtraq: 2023
cve: 1999-0233
url: support.microsoft.com/support/kb/articles/Q148/1/88.asp
url: support.microsoft.com/support/kb/articles/Q155/0/56.asp