This applies as well to perl and cgi scripts (cgi in iis3.0)
For example:
http://www.activestate.com/lyris/lyris.pl::$DATA
MS hasn't fixed their own site (heh), but they promise a fix today.
http://www.microsoft.com/default.asp::$DATA
In the meantime, Christoph Wille <Christoph.Wille@softwing.com> from Sofwing
has graciously
made available an IIS ISAPI filter that will protect a site from the ::$DATA
vulnerability. You can find it at
http://www.softwing.com/iisdev/ddatafix/
Andrew