Thread: FYI

  1. #1
    FYI

    All,

    It has come to our attention that MS Front Page Server may be vulnerable to remote execution of code.
    We recommend that the patch (found at the link below) be installed or administrators secure systems by uninstalling FPSE.

    The affected products are MS FrontPage Server Extensions 2000 (denial of service) and MS FrontPage Server Extensions 2002 (compromise).

    The affected FPSE software installs by default as part of IIS 4.0, 5.0, and 5.1.

    Microsoft IIS servers provide support for FrontPage-based dynamic web content via the "SmartHTML" interpreter (shtml.dll). This interpreter has a buffer overflow vulnerability that allows remote attackers to consume 100% CPU or, in the case of FPSE 2002, execute arbitrary code with system privileges.

    Exploitations:
    An attacker must send a malicious web request for a particular type of file along with some specific parameters to a vulnerable server.
    Remote execution of arbitrary code with system privileges, or denial of service.

    References:
    Microsoft Security Bulletin:
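
Before choosing between the patch and uninstalling FPSE, it helps to know whether anything requests shtml.dll on a given server. The following is an added example, not part of the original posts: it reads IIS logs in W3C extended format and summarizes requests that reference shtml.dll per client. The function names, the sample log, and the use of 5xx counts and request length as triage hints are assumptions of this example, not signatures from the bulletin.

```python
# Constructed sample in IIS W3C extended log format; addresses, dates and
# paths are invented for illustration, not taken from a real server.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2003-11-12 10:01:02 192.0.2.10 GET /index.htm - 200
2003-11-12 10:01:05 192.0.2.10 POST /_vti_bin/shtml.dll/contact.htm - 200
2003-11-12 10:02:11 198.51.100.7 GET /_vti_bin/SHTML.DLL/a.htm x=1 500
2003-11-12 10:02:12 198.51.100.7 GET /_vti_bin/shtml.dll/b.htm x=2 500
"""


def shtml_requests(log_text, needle="shtml.dll"):
    """Return parsed log records whose URI stem references shtml.dll."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The column layout can change mid-file, so re-read it each time.
            fields = line[len("#Fields:"):].split()
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed row
        rec = dict(zip(fields, values))
        if needle in rec.get("cs-uri-stem", "").lower():
            hits.append(rec)
    return hits


def summarize(hits):
    """Per client IP: request count, 5xx count, longest stem+query seen."""
    summary = {}
    for rec in hits:
        entry = summary.setdefault(
            rec.get("c-ip", "?"), {"requests": 0, "errors_5xx": 0, "max_len": 0})
        entry["requests"] += 1
        if rec.get("sc-status", "").startswith("5"):
            entry["errors_5xx"] += 1
        query = rec.get("cs-uri-query", "-")
        length = len(rec.get("cs-uri-stem", "")) + (0 if query == "-" else len(query))
        entry["max_len"] = max(entry["max_len"], length)
    return summary


if __name__ == "__main__":
    for ip, stats in summarize(shtml_requests(SAMPLE_LOG)).items():
        print(ip, stats)
```

An empty result across all sites suggests FPSE is unused there, which supports the uninstall option the post recommends.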

  2. #2
    RE: FYI

    Vulnerabilities come out all the time for IIS allowing remote execution of code.

    You must keep internet-facing IIS servers fully patched.
