This update resolves the "Malformed URL can cause Service Failure in IIS 5.0 and Exchange 2000" security vulnerability in Internet Information Server (IIS) 5.0 and Exchange 2000, and is discussed in Microsoft Security Bulletin MS01-014. Download now to prevent a malicious user from causing IIS 5.0 to fail.
This vulnerability exists because IIS 5.0 and Exchange 2000 incorrectly handle URLs that have a specific construction. If a malicious user sends a request to an affected Exchange 2000 server or an affected IIS 5.0 computer using a malformed URL, it can result in a repeating memory allocation error that causes IIS 5.0 to fail. Any Web sessions in progress are lost.