The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.Referenceshttps://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-013
