Immunity Advisory on IIS Stack Overflow Exception Denial of Service (SPIKE 2.7)
Author: Dave Aitel
Date: Oct 17, 2002

When IIS 5.0 and 5.1 recieve long headers, they sometimes cause a
Stack Overflow Exception (note: not a stack overflow, but an actual
exception when the stack runs out of space to expand.) This causes IIS
to spin for a certain amount of time, refusing to accept new
connections, until it has handled this condition. There is no risk of
futher compromise via this vulnerability. This vulnerability can be
reproduced, and was originally found, by running SPIKE 2.7's
closed_source_web_server_fuzzer against IIS.