How do you exploit Directory Traversal to traverse from one drive/share to another?

In your example, I don't believe traversing to a different drive is possible solely through directory traversal (e.g. ..\..\..\windows\system32).

The most plausible way for an attacker to exploit this may be through a hard/symbolic link which points to somewhere on the C: drive.

If you were then using the path variable as an argument to a command (that is, shelling out) there may be other problems.

I want to mention that, regardless of whether it is possible to traverse across drives, this code is insecure and should not be used.

For instance, it definitely allows path traversal within a single drive. It also allows access to certain special filenames that are implicitly linked into the namespace on every drive, such as CON, PRN, AUX, CLOCK$, NUL, COM0, .., LPT0, ...