A non-memory logic error that allows remote code execution by breaking the stack? Can you give an example? Most of the examples I can think of are either directly or indirectly a problem of memory safety (for execution remote code rather than simply crashing (like a stack overflow)).
I don't see any details about breaking the stack (just the HTTP stack). Maybe you can request arbitrary ranges of files and they get cached in a way that lets you reference them as ISAPI filters. I'm grasping at straws but I'm not feeling particularly creative right now.
I was also being slightly sarcastic. I'd take the bet this is a memory safety issue, but there's a chance it isn't.
