Can you post some (partial) code? That may give us an idea...

I'm guessing they're running on IIS; should be easy to configure the server not to give out an exact error message and replace it with something less informative (from an attackers point of view).

Also a bit of error detection in the code not only makes the code more "solid" but it can also prevent these error messages.

I've seen it happen before. They [developers] write some code that makes a connection to a database. The object returned will be used without testing if this object actually got created. The code will run fine.......until the day the database isn't available (for whatever reason). Then it throws up some error message with way to much info in it. If they checked to see if the object really existed they could have created a more 'sanatized' and meaningful (to the user) error message.