The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
https://www.securityfocus.com/bid/529
https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-025
https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-004