This question is not for the faint of heart, but if you are brave read
on.

Microsoft released a patch a couple of days ago that fixes a ASP.NET
vulnerability related to their SimpleWorkerRequest class. Apparently
you could construct a url that would bypass the ASP.NET securty and you
could serve any page you wanted from IIS since IIS uses the
SimpleWorkerRequest class behind the scenes. Read these knowledge base
articles for more info:
KB887290
KB887219
KB887289

Now, in my app, I use that class to run ASP.NET code outside of IIS
inside a service or an executable. All seemed to work just fine until
Microsoft released the new security patch and now my
SimpleWorkerRequest class doesn't work as expected. More specifically,
I can't run files that are in a folder below the root folder. I have
tried both constructors on the SimpleWorkerRequest, tried all
slash\back slash combinations to no avail. If anybody has any idea of
how to fix this, plz let me know.

Best,

Tasso (anast...@yahoo.com)