IIS 5.0 Sample App reveals physical path of web root

A sample application shipped with IIS 5.0 discloses the physical path of the web root. An attacker can use this information to make more focused attacks.
Always remove sample applications from productions servers. In this case, remove the entire /iissamples folder.