FrontPage server extensions will expose critical path information when errors occur while accessing certain DLL files related to the extensions. For example, accessing an invalid file through "_vti_bin/shtml.dll" will reveal path information.
The URL http://targetsystem/_vti_bin/shtml.dll/nosuch.htm would result in the error message "Cannot open D:\Inetpub\virtuals\powerasp\nosuch.htm: no such file or folder."
In addition, if numerous connections are established to the shtml.dll file, the server can be caused to utilize100% of its available CPU cycles
Microsoft is aware of these issues, which will be fixed in Version 1.2 of the FrontPage Server Extensions due for release "any time now" as of July 6, 2000.