The Internet Printing ISAPI (Internet Services Application Programming Interface) extension for Windows 2000 has an unchecked buffer (a temporary data storage area that has a limited capacity) in the code that processes users' print requests. A specifically malformed request from a malicious user can cause the buffer to overflow. Doing so grants the malicious user Local System privileges, allowing him to take complete control of the Web server. This update eliminates the vulnerability by ensuring that the ISAPI extension checks input correctly.
Note Although the affected component is not part of Internet Information Services (IIS) 5.0, the vulnerability is present only when IIS 5.0 is running.