file leeched from http://www.hackersclub.com/km/files/nt/iishack5.zip

iishack5.c  - exploit source code
iishack5.pl - exploit perl port
iishack5.exe - exploit windows binary

The windows binary has only been tested to work under Windows NT 4.0, it may or may not
work under any other versions of windows, the perl script has been tested on both Windows
NT using activestate and Unix/Linux.  I offer no guarantees that it will work on your 
systems.

===============================

[ Buffer Overflow Exploit found by Eeye]

Microsoft Windows 2000 IIS 5.0 IPP ISAPI 'Host:' Buffer Overflow Vulnerability

Windows 2000 Internet printing ISAPI extension contains msw3prt.dll which handles 
user requests. Due to an unchecked buffer in msw3prt.dll, a maliciously crafted 
HTTP .print request containing approx 420 bytes in the 'Host:' field will allow 
the execution of arbitrary code. Typically a web server would stop responding in a
buffer overflow condition; however, once Windows 2000 detects an unresponsive web 
server it automatically performs a restart. Therefore, the administrator will be 
unaware of this attack.

* If Web-based Printing has been configured in group policy, attempts to disable 
or unmap the affected extension via Internet Services Manager will be overridden 
by the group policy settings. 

Microsoft has released a patch which rectifies this issue:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29321

