Microsoft IIS v4.0 and 5.0 contain a remote denial of service vulnerability if the server has been upgraded from v3.0. Issuing a malformed request for a certain file contained in /scripts/iisadmin can result in the webserver going into to an infinite loop, causing the web server to no longer accept requests. Microsoft bulletin available here.
4c48bae0b226218deaf38e5938232cb42629e8cd6e919da87f76a5db9e3da358