It uses a remote buffer overflow vulnerability in Internet Information Service (IIS) Web Servers that can give system-level privileges to a remote user, thereby compromising network security...Yes CodeRED, I was reading an article on how multi-tier information systems are more vulnerable of attacks than two tier systems in techrepublic website (you have to register there to read the article), As I always do I recommend you' to read the people's opinion on these sort of articles,normally you can find more information there than the actuall paper!!!,anyway in one of the replies one of the guys in addition to rejecting DMZ resolution to this problem mentions that CodeRED V. II & III are working in the same way, its a very important tip that people might not realize at first that "the Man in the Middle" attack can turn to a DDoS (Distributed Denial of Services) attack easily if the hacker is clever enough. So take care of your multi-tier Information System servers, I think DMZ would help a lot with some fine tunings.