NT Versions Affected:
4.0, IIS 1.0
Problem:
A URL such as 'http://www.domain.com/..\..' allows you to browse and download files outside of the webserver content root directory.
A URL such as 'http://www.domain.com/scripts..\..\scriptname' allows you to execute the target script.
By default, the user 'Guest' or IUSR_WWW has read access to all files on an NT disk. These files can be browsed, executed or downloaded by wandering guests.
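A request-path check that refuses both URL forms shown above, added here as a defensive example and not part of the original advisory or of IIS itself. The content root `C:\InetPub\wwwroot` and the function name `resolve_under_root` are assumptions made for illustration.

```python
import ntpath
import re
from urllib.parse import unquote

# Assumed content root, for illustration only.
CONTENT_ROOT = r"C:\InetPub\wwwroot"


def resolve_under_root(url_path, root=CONTENT_ROOT):
    """Map a URL path to a file path, or return None if the request is refused."""
    # Decode percent-escapes first so encoded dots and backslashes are seen.
    decoded = unquote(url_path)

    # Split on BOTH separators. The URLs in this advisory use '\', which a
    # filter that only looks for '../' never notices.
    segments = [s for s in re.split(r"[\\/]", decoded) if s]

    # Refuse parent-directory segments, drive letters / stream names, and NULs.
    if any(s == ".." or ":" in s or "\x00" in s for s in segments):
        return None

    # Defence in depth: normalise with Windows path rules (ntpath works on any
    # host OS) and confirm the result is still inside the content root.
    root_norm = ntpath.normcase(ntpath.normpath(root))
    candidate = ntpath.normpath(ntpath.join(root, *segments))
    cand_norm = ntpath.normcase(candidate)
    if cand_norm != root_norm and not cand_norm.startswith(root_norm + "\\"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests: the two forms from the advisory, an
    # encoded variant, and two ordinary requests.
    for path in ["/..\\..", "/scripts..\\..\\scriptname",
                 "/%2e%2e%5c%2e%2e", "/default.htm", "/images/logo.gif"]:
        print(f"{path!r:32} -> {resolve_under_root(path)}")
```

Path filtering of this kind does not replace tightening the file permissions granted to 'Guest' and IUSR_WWW, which determine what a request that slips past the filter can read.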
Verification:
http://www.omna.com/iis-bug.htm