Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.Referenceshttp://www.securityfocus.com/bid/2909https://exchange.xforce.ibmcloud.com/vulnerabilities/6742http://www.securityfocus.com/archive/1/192802
