Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.
https://exchange.xforce.ibmcloud.com/vulnerabilities/6405
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-022