Reported April 18, 2001, by Microsoft.
Microsoft Windows 2000, Windows NT, Windows Me, and Windows 9x
A flaw with Microsoft’s implementation of WWW Distributed Authoring and Versioning (WebDAV) runs the script under the user’s security context. WebDAV should make a distinction between a user's request and script that a Web Browser runs, but Microsoft WebDAV does not differentiate the two. An attacker can use this flaw to browse the user’s intranet or access Web-based email if the attacker knows certain variables, such as server names, folder structures, and specific user and network information.
Discovered by Microsoft.