DATE: COMMAND SOURCE: AUTHOR: IIS SYSTEMS AFFECTED NT 4.0, IIS 1.0 PROBLEM A URL such as 'http://www.domain.com/..\..' allows you to browse and download files outside of the webserver content root directory. A URL such as 'http://www.domain.com/scripts..\..\scriptname' allows you to execute the target script. By default user 'Guest' or IUSR_WWW has read access to all files on an NT disk. These files can be browsed, executed or downloaded by wandering guests. For verification check: http://www.omna.com/iis-bug.htm EXPLOIT SOLUTION Upgrade your version of IIS.