The vulnerability allows remote unauthenticated attackers to force the IIS server to become unresponsive until the IIS service is restarted manually by the administrator. Required is that Active Server Pages are hosted by the IIS and that an ASP script reads out a Post Form value.
9edbe875f33f8abbbd70b40b78b0b3ee2f256cdbfd08ccf58b9ba2cabbd67558