Due to an unchecked buffer in IIS 5.0 Index services, a maliciously crafted HTTP .idq request containing approx 240 bytes in the query field will allow the execution of arbitrary code. It is commonly found on Windows 2000.
Microsoft Index services uses the idq.dll library to formulate and submit queries to the Microsoft Index Server. An unchecked buffer in idq.dll, will allow the execution of arbitrary code. Typically a web server would stop responding in a buffer overflow condition; however, once Windows 2000 detects an unresponsive web server it automatically performs a restart. Therefore, the administrator will be unaware of this attack.
Microsoft has released a patch which rectifies the issue on the Index services buffer overflow at BulletinMS01-033
Reference: eEye AD20010618