A few remarks, The following topics tackles some comments being made through private e-mail. Just clarification. NOT UNICODE - This is not 100% unicode we are talking about. This is the vulnerability as discovered by NSFOCUS Security Advisory(SA2001-02). This has been documented by Microsoft as being MS01-026 or to be found at the CERT ( CERTŪ Advisory CA-2001-12 ). Please read the history in the advisory to get a full update on the whereabouts of this vulnerability. This five-minute code snippet is meant to provide an easy to use testing interface for your IIS webservers. Nothing more, nothing less. CRIPPLED : Seems I've been sending the backup-code I had on my Windows machine instead of the working one on my OpenBSD testing machine. It will spit out with an error code, everyone with even pre-basic C knowledge will know how to solve this, however, simply put brackets on the if instruction like this: if ( ( strstr(recvbuffer,"404") == NULL ) ) { while(recv(create_socket, recvbuffer, 1, 0) > 0) { printf("%c", recvbuffer[0]); } }else { printf(" -- Wrong command processing. \n"); } PROOF OF CONCEPT - Tool or weapon? I guess everyone gets these discussions now and then, and I don't even want to go that way. The advisory is very clear, the patch is there... I do not see any harm in having a quick'n'dirty interface for this vulnerability on this advisory. Mind you, anyone with a netcat can pull off the exact same thing. Hence the fact it's even a waste of time wasting C on this one, but it just happened I had to write this one for testing purposes on our own IIS testing machines, and I didn't felt like opening a netcat connection and manually typing the GET request. There is no logic, I know... :-) Cheers, </filip>