asp source code exposure

This was flagged as a high vulneribility form a 3rd party sourced perimeter scan. the exploit is http://server/file.asp:$DATA. The problem I am having is that onlyIIS 4 and earlier are supose to be vulnerable, I am running IIS 5. The web server is up to date on Microsoft patches. From an external internetconnection, a windows system using IE get an error 404, no vuln here. From windows with firefox, an attempt to save the source code is attempted, but fails to save. From Linux using firefox, I get the asp source code save to that system. I've been searching for a fix, but hava had no luck. help please