[原文]IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.
IIS 4.0 and 5.0存在漏洞，如果虚拟路径映射到UNC共享便不能正确处理ISAPI extension，远程攻击者可以利用这个漏洞读取ASP和其他文件的源码，也称“虚拟UNC共享”漏洞。
Microsoft has released patches which rectify this issue. It should be noted that Proxy Server, Site Server, Site Server Commerce Edition and Microsoft Commercial Internet System run atop IIS. Customers using these products should apply the patch appropriate for the version of IIS they are running. Microsoft IIS 4.0 alpha
MS Commercial Internet System 2.0/2.5,IIS 4.0,Proxy Server 2.0,Site Server Commerce Edition 3.0 UNC Mapped Virtual Host Vulnerability
If a virtual host root is mapped to a UNC share, a backward slash "\" appended to an ASP or HTR extension in a URL request to that virtual host will cause Microsoft Internet Information Server to transmit full source code of the file back to a remote user. Files located on the local drive where IIS is installed is not affected by this vulnerability.