Can an ASP.NET application punch a hole through IIS?

Hi newsgroup.

I ask, can a buggy ASP.net app grant root access to the server? Or are
there built-in mechanisms that prevent this?

Let's say, I have a bug in my application, that under certain
situations provokes a never ending loop, the application crashes, and
the asp.net process will get recycled.. could this provoke an attack?


Short question: Is ASP.net shielded enough from IIS, so that any
failures in .net applications, don't affect the security of IIS?