GEN:SID 1:3078
Message NNTP SEARCH pattern overflow attempt
Summary This event is generated when an attempt is made to exploit a known
vulnerability in Microsoft implementation of the Network News Transport
Protocol (NNTP) for Internet Information Server (IIS).
Impact Execution of arbitrary code on the affected system
Detailed Information The Microsoft implementation of NNTP for IIS contains a programming
error in the processing of user supplied input that may present an
attacker with multiple opportunites to execute code of their choosing on
an affected system.
Affected Systems . Microsoft Windows NT Server 4.0 NNTP component
. Microsoft Windows 2000 Server NNTP component
. Microsoft Windows Server 2003 NNTP Component
. Microsoft Windows Server 2003 64-Bit Edition NNTP Component
Attack Scenarios An attacker must supply specially crafted input to a vulnerable system
to cause the overflow to occur.
Ease of Attack Moderate. Example code exists.
Corrective Action Apply the appropriate vendor supplied patches

Upgrade to the latest non-affected version of the software
Additional References CORE Technologies:
http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10
Rule References cve: 2004-0574
url: www.microsoft.com/technet/security/bulletin/MS04-036.mspx