A denial of service exists in counter.exe version 2.70, a fairly popular webhit counter used on the Win32 platform with web servers such as IIS andWebSite Pro.
1) When someone requests :http://no-such-server-really/scripts/counter.exe?%0A this will create anentry in counter.log of a blank line then a ",1" . If the person thenrefreshes their browser and requests it again you get an Access Violation incounter.exe - the instruction at 0x00414c0a referenced memory at 0x00000000.
2) When someone requests:http://no-such-server-really/scripts/counter.exe?AAAAAover-2200-As you get asimilar problem - though not a buffer overrun.
Whilst in a state of "hanging" all other vaild requests for counter arequeued and not dealt with until someone goes to the console and okays the AVmessages. Added to this memory can be consumed if the page is continuoslyrequested.
Thanks to David Litchfield for the heads up