A remote overflow exists in Microsoft IIS. The server fails to handle overly long URLs which contain hundreds of forward slashes, resulting in an access violation. With a specially crafted request, an attacker can cause the server to crash, resulting in a loss of availability.
Upgrade to version 4.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by obtaining updated DLLs, which will have the following timestamps:
04/10/98 07:49p 382,576 asp.dll (Intel)
04/10/98 08:04p 557,328 asp.dll (Alpha)