Crash the service? Or simply return a 500 error?
I'm guessing the latter. I'm also guessing that you're running into a security setting in either or both the CF settings or the IIS settings. These settings are in place to prevent denial of service attacks but some applications (maybe yours) need to up the default limits. I can remember off the top of my head the names or exactly where the settings are found, I just know they exist from first hand experience. Hope this helps some. Good luck.