Microsoft's Personal Web Server and Front Page Personal Web Server will follow '/..../' strings in requested URLs, allowing remote users to obtain unauthenticated read access to files and directories on the same logical drive as the web content. Hidden files are viewable via this method, although the Front Page directory itself is not. The name and path of the desired file must be known to the attacker.
Note that while these programs support Windows 95, 98 and NT, only the Win9x versions are vulnerable.
Microsoft Personal Web Server Multiple Dot Request Arbitrary File Access
Remote / Network Access
Loss of Integrity
Patch / RCS
Personal Web Server contains a flaw that allows a remote attacker to view arbitrary files outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the URI.
Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.