Buffer overflow in ASP.NET Worker Process allows remote attackers to cause a denial of service (restart) and possibly execute arbitrary code via a routine that processes cookies while in StateServer mode.
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-026