http://msmvps.com/blogs/bernard/archive/2005/12/20/79489.aspxBy now, you should have read many blog postings or security advisory from various bodies that discussed about the new .dll exploit discovered by Inge Heriksen . Fairly new guy in IIS domain (afaik), an expert of coz. I came to noticed Inge few monthsenCommunityServer 2008.5 SP2 (Build: 40407.4157)http://msmvps.com/blogs/bernard/archive/2005/12/20/79489.aspx#81807Wed, 25 Jan 2006 13:15:45 GMTd67277c4-116b-43f1-b688-e9ef184ea916:81807John BakerHere has more details: <br> <br><a rel="nofollow" target="_new" href="http://www.determina.com/advisories/securityadvisory_dec202005.html">http://www.determina.com/advisories/securityadvisory_dec202005.html</a> <br> <br>&quot;The reference counter responsible for the vulnerability is also present in IIS 5.0 on Windows 2000, but the code that deallocates the object is not there. Windows 2000 and Windows 2003 are most likely not affected by this vulnerability, but the Determina Security Research team is still investigating alternative exploitation vectors.&quot; <br> <br>As there reason why IIS 5.0 is not effected. <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=81807" width="1" height="1">