NSFOCUS Security Advisory (SA2000-07) - A serious flaw in Microsoft IIS 4.0 and 5.0 when handling CGI filenames allows any file on the system to be read and remote command execution, as described in here.
85c25f2dd295eef761bb7ed7766d70fbcfc7d6ba678f8b8cf47e98b2f9c639b7