Microsoft Windows Server 2003 Shell Folders Arbitrary File Access
Remote / Network Access
Loss of Confidentiality,
Loss of Integrity
Windows Server 2003 contains a flaw that allows a remote attacker to read arbitrary files outside of the "Shell Folders" directory. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via a malicious link.
Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released Service Pack 1 (SP1) to address this vulnerability.