ISBASE Security Advisory(SA2000-02) - Microsoft IIS v4.0 and 5.0 for Windows NT and Windows 2000 sometimes displays the contents of files that should not normally be displayed and sometimes contains sensitive data. ISS can be tricked into calling ISM.DLL and exposing the contents of .asp, .asa, and .ini files. Exploit description included.
c08944303a5c4fb8db44beece6ca8c9e5f3f74e31842f8ec050ebb34e977435c