There is a flaw in the way in which nsiislog.dll processes incoming requests. A vulnerability exists because an attacker could send specially formed communications to the server that could cause IIS to fail or execute code on the user's system.

Affected Software:
Microsoft Windows NT 4.0
Microsoft Windows 2000

Patch availability
Download locations for this patch