Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program.
https://exchange.xforce.ibmcloud.com/vulnerabilities/34719
http://www.securityfocus.com/bid/964
http://www.securityfocus.com/archive/1/470458/100/0/threaded