NI3
11-13-2003, 11:05 AM
TITLE:
Microsoft Frontpage Server Extensions Remotely Exploitable Buffer
Overflow
SECUNIA ADVISORY ID:
SA10195
VERIFY ADVISORY:
[Only registered and activated users can see links]
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
From remote
SOFTWARE:
Microsoft Internet Information Server (IIS) 5.x
DESCRIPTION:
Microsoft has issued patches for Frontpage Server Extensions which
fix two vulnerabilities allowing malicious people to execute
arbitrary code or cause a Denial of Service.
An uncontrolled buffer in a DLL file allows malicious people to cause
a buffer overflow in the remote debug functionality in FrontPage
Server Extensions. This can be exploited to execute arbitrary code
with System privileges.
It is possible to cause certain SmartHTML (WebBots) to consume all
available CPU resources for a short period of time through malicious
HTTP requests.
This affects Microsoft FrontPage Server Extensions 2000 and 2002.
Except Windows 2000 systems with Service Pack 4 installed.
SOLUTION:
Patches are available:
Microsoft FrontPage Server Extensions 2000
[Only registered and activated users can see links]
Microsoft FrontPage Server Extensions 2000 (Shipped with Windows
2000)
[Only registered and activated users can see links]
Microsoft FrontPage Server Extensions 2000 (Shipped with Windows XP)
[Only registered and activated users can see links]
Microsoft FrontPage Server Extensions 2002
[Only registered and activated users can see links]
Microsoft SharePoint Team Services 2002 (shipped with Office XP)
[Only registered and activated users can see links]
REPORTED BY / CREDITS:
Brett Moore, Security-Assessment
ORIGINAL ADVISORY:
Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow
Code Execution (813360)
[Only registered and activated users can see links]
----------------------------------------------------------------------
Microsoft Frontpage Server Extensions Remotely Exploitable Buffer
Overflow
SECUNIA ADVISORY ID:
SA10195
VERIFY ADVISORY:
[Only registered and activated users can see links]
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
From remote
SOFTWARE:
Microsoft Internet Information Server (IIS) 5.x
DESCRIPTION:
Microsoft has issued patches for Frontpage Server Extensions which
fix two vulnerabilities allowing malicious people to execute
arbitrary code or cause a Denial of Service.
An uncontrolled buffer in a DLL file allows malicious people to cause
a buffer overflow in the remote debug functionality in FrontPage
Server Extensions. This can be exploited to execute arbitrary code
with System privileges.
It is possible to cause certain SmartHTML (WebBots) to consume all
available CPU resources for a short period of time through malicious
HTTP requests.
This affects Microsoft FrontPage Server Extensions 2000 and 2002.
Except Windows 2000 systems with Service Pack 4 installed.
SOLUTION:
Patches are available:
Microsoft FrontPage Server Extensions 2000
[Only registered and activated users can see links]
Microsoft FrontPage Server Extensions 2000 (Shipped with Windows
2000)
[Only registered and activated users can see links]
Microsoft FrontPage Server Extensions 2000 (Shipped with Windows XP)
[Only registered and activated users can see links]
Microsoft FrontPage Server Extensions 2002
[Only registered and activated users can see links]
Microsoft SharePoint Team Services 2002 (shipped with Office XP)
[Only registered and activated users can see links]
REPORTED BY / CREDITS:
Brett Moore, Security-Assessment
ORIGINAL ADVISORY:
Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow
Code Execution (813360)
[Only registered and activated users can see links]
----------------------------------------------------------------------