Internet Information Services Other Vulnerability - CVE-1999-0449
The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp (2) query.asp or (3) search.asp scripts.