Exploit:

 Mnemonix  found  following.   A   denial  of  service  exists   in
 counter.exe version 2.70, a fairly popular webhit counter used  on
 the Win32 platform with web  servers such as IIS and  WebSite Pro.
 There are two different bugs:

 1) When someone requests:

     http://no-such-server-really/scripts/counter.exe?%0A

    this will create an entry  in counter.log of a blank  line then
    a  ",1"  .  If  the  person  then  refreshes  their browser and
    requests it again you get an Access Violation in counter.exe  -
    the instruction at 0x00414c0a referenced memory at 0x00000000.

 2) When someone requests:

   http://no-such-server-really/scripts/counter.exe?AAAAAover-2200-As

 you get a similar problem - though not a buffer overrun.

 Whilst  in  a  state  of  "hanging"  all  other vaild requests for
 counter are queued  and not dealt  with until someone  goes to the
 console and okays the  AV messages.  Added  to this memory can  be
 consumed if the page is continuosly requested.