Microsoft Index Server Internet Data Query Path Disclosure
Remote / Network Access
Loss of Confidentiality
Microsoft Index Server in Microsoft Windows contains a flaw that may lead to an unauthorized information disclosure. By providing a request to a non-existent Internet Data Query file, a remote attacker could reveal the physical path to the web directory that was contained in the request resulting in a loss of confidentiality.
Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.