Reported July 13, 2004, by Microsoft
A vulnerability exists in Microsoft Internet Information Server (IIS) 4.0 that could result in arbitrary remote code execution and remote compromise of the vulnerable system. This vulnerability is a result of a buffer overflow condition in the redirect function.
Microsoft has released bulletin MS04-021, "Security Update for IIS 4.0 (841373)," to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin.
Discovered by Microsoft.