Microsoft IIS IDA/IDQ Document Root Path Disclosure
Local Access Required,
Remote / Network Access
Loss of Confidentiality
The ISAPI extension idq.dll library in Microsoft's IIS web server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker requests any file which does not exist with an .ida or .idq extension, which will disclose the full path of the web server's document root, resulting in a loss of confidentiality.
In the IIS Microsoft Management Console, go to Preferences -> Home directory -> Application, and select 'Check if file exists'. Additionally, please apply the patches listed in Microsoft Knowledge Base article MS00-006.