Microsoft Information for VU#35085
Microsoft Internet Information Server (IIS) discloses contents of files via crafted request for .htr file
Microsoft has released Microsoft Security Bulletin MS00-031.
The vendor has not provided us with any further information regarding this vulnerability.
Note that there are two other variants of this vulnerability which are described in VU#28565/MS00-044 and VU#28565/MS01-004 respectively.
If you have feedback, comments, or additional information about this vulnerability, please send us email.