A proof-of-concept exploit has been published for an unpatched vulnerability in Microsoft Internet Information Services 6.0. The vulnerability is a buffer overflow in the ScStoragePathFromUrl function of the IIS WebDAV service. It can be exploited through a specially crafted PROPFIND request. Security firm ACROS Security has also developed a free “micropatch” for this vulnerability — an unofficial patch that can be applied without restarting the affected server or IIS process.”]