Code Red and Sadmind/IIS does not use the same vulnerability.
Code Red in all incarnations use a vulnerability in the Indexing Server Stuff (TM) while Sadmind/IIS used a directory traversal vulnerability. See CA-2001-19 and CA-2001-13, both at CERT/CC for more info on the vulnerabilities.
Slashdot Mirror
Code Red in all incarnations use a vulnerability in the Indexing Server Stuff (TM) while Sadmind/IIS used a directory traversal vulnerability. See CA-2001-19 and CA-2001-13, both at CERT/CC for more info on the vulnerabilities.