This paper goes into detail on Unicode exploitation with how it works and how to actually perform attacks against IIS servers that are vulnerable to this bug.
You can download it from the following link: https://packetstormsecurity.com/files/download/30440/IISUnicodeExplained.doc
Source: https://packetstormsecurity.com/files/30440/IISUnicodeExplained.doc.html