
IIS .bat and .cmd Bug
The scan engine was able to exploit the .bat and .cmd bug in the Microsoft
Internet Information Server. These bugs allow a potential intruder to execute
commands on the WWW host.
Risk: High
Fix: Disable .BAT and .CMD file extensions for external CGI scripts in the mapping
feature of the IIS WWW server.