In usual tradition, little information is to be had about the "Virtualized UNC Share" problem talked about in MS00-019. Luckily, MS was nice enough to submit an extra post to Bugtraq to give Adam Coyne credit.
Anyways, for those of you interested in the problem, making a request for a file with a trailing '\' from a virtual directory hosted on a UNC share will cause the source to be given. So, for example:
Virtual directory: /test/ -> \\some_server\share\ There exists \\some_server\share\test.asp
Now a simple request such as "GET /test/test.asp\ HTTP/1.0" will yeild the source of test.asp.
ps. No, I'm not dead. Fun stuff coming up very soon. :)