Now this sounds interesting.
Has anyone ever tried this?Blind Buffer Overflows In ISAPI Extensions
By Isaac Dawson January 25, 2005
This paper will outline the risks ISAPI Extensions pose and how they can be exploited by third parties without any binary exposure or knowledge using blind stack overflows. This method can enable remote code execution in proprietary and third party applications.
http://www.securityfocus.com/infocus/1819