A security-audit firm Watchfire has found away to take advantage of a dangling point flaw in Internet Information Sever (IIS) 5.1.

Microsoft already knew that this problem existed but they did not release a patch because the vulnerability seemed impossible to be exploited.

This flaw happens when an IIS service process attempts to use a memory that was freed by a program. High school programmers may have heard about this type of pointer in their courses.

“In other words, this is not a buffer/stack overflow exploit and it will therefore not enable anyone to execute code on the web server,” said Inge Henriksen who is a technology consultant.

Source: The Register