The bug also is not the same as the IIS4/5 one, it’s root cause is similar. IP/Domain filters can be bypassed the same way. IPS/IPS vendors should update their signatures. The video above shows the different settings and the different impacts they have (up to remote code execution) Microsoft SRD Team gives more insight and details (Must read) The bug is NOT affected IIS5 and IIS7 are NOT affected – IIS 5 and 5.1 are affected (according to MSRC)”]
Source: https://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html