By sending a specially crafted request followed by a reset packet it is possible to trigger a vulnerability in Apache 2.2.14 mod_isapi that will unload the target ISAPI module from memory. However function pointers still remain in memory and are called when published ISAPI functions are referenced. This results in a dangling pointer vulnerability. Successful exploitation results in the execution of arbitrary code with SYSTEM privileges.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/86963/SOS-10-002.txt
Source: https://packetstormsecurity.com/files/86963/Apache-2.2.14-mod_isapi-Dangling-Pointer.html