FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter.Referenceshttp://www.securityfocus.com/bid/230http://marc.info/?l=ntbugtraq&m=91877455626320&w=2
