Microsoft Information for VU#264272
Microsoft Internet Information Server (IIS) discloses contents of files via crafted request containing "%3F+.htr"
Microsoft has released Microsoft Security Bulletin MS01-004.
The vendor has not provided us with any further information regarding this vulnerability.
Note that there are two other variants of this vulnerability which are described in VU#35085/MS00-031 and VU#28565/MS01-004 respectively.
If you have feedback, comments, or additional information about this vulnerability, please send us email.