VID 21051
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The MS FrontPage Image Mapper CGI, htimage.exe, is vulnerable to a buffer overflow attack.
The htimage.exe and imagemap.exe files included with FrontPage handle server-side image mapping functions. In normal operation, the CGI is passed a map name and a set of coordinates in the format http://target/path/htimage.exe/mapname?x,y .
By sending a mapname of 741 characters or more, a remote attacker could overflow a buffer and execute arbitrary code on the server, although only with the privileges of the user account the CGI runs under.

* Platforms Affected:
Microsoft FrontPage Server Extensions 97
Microsoft FrontPage Server Extensions 98
Microsoft Personal Web Server 4.0
Microsoft Windows Any version

* References:
http://www.securityfocus.com/bid/1117
http://www.iss.net/security_center/static/4484.php
Recommendation Find and delete the files htimage.exe and imagemap.exe from production Web servers, as recommended by Microsoft in Microsoft Security Bulletin MS00-028: http://www.microsoft.com/technet/security/bulletin/ms00-028.asp

This workaround disables server-side image mapping capabilities, preventing legacy browsers from accessing image maps on the server. The functionality provided by these files is largely no longer needed as modern browsers include the ability to process image maps themselves.
Related URL CVE-2000-0256 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)
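
The request format and the 741-character threshold described above can be checked in web server access logs. The following is an added example, not part of the original entry or of any vendor tool: it assumes Common Log Format lines and that the mapname length is measured after percent-decoding, and the function names, verdict labels and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

OVERFLOW_LEN = 741  # advisory: a mapname of 741 characters or more overflows
# Request line in Common Log Format (assumed log layout).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+)')
# /path/htimage.exe/mapname?x,y ; file names on Windows are case-insensitive.
CGI_RE = re.compile(
    r'/(?P<cgi>htimage|imagemap)\.exe(?:/(?P<mapname>[^?]*))?(?:\?(?P<query>.*))?$',
    re.IGNORECASE)
COORDS_RE = re.compile(r'\d+,\d+')


def classify_request(uri):
    """Return (cgi, mapname_length, verdict), or None if the URI is unrelated."""
    m = CGI_RE.search(uri)
    if m is None:
        return None
    # Assumption: the length that matters is the percent-decoded one.
    mapname = unquote(m.group('mapname') or '')
    query = m.group('query') or ''
    if len(mapname) >= OVERFLOW_LEN:
        verdict = 'overflow-length'   # hypothetical label
    elif COORDS_RE.fullmatch(query):
        verdict = 'legacy-use'        # well-formed mapname?x,y request
    else:
        verdict = 'malformed'         # reaches the CGI without x,y coordinates
    return m.group('cgi').lower(), len(mapname), verdict


def scan_log(lines):
    """Classify every logged request that reaches either image-map CGI."""
    hits = []
    for line in lines:
        req = REQUEST_RE.search(line)
        result = classify_request(req.group(1)) if req else None
        if result:
            hits.append(result)
    return hits


# Constructed sample log lines (documentation addresses, invented paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Apr/2000:10:00:00 +0000] "GET /cgi-bin/htimage.exe/maps/nav.map?12,40 HTTP/1.0" 200 512',
    '192.0.2.11 - - [10/Apr/2000:10:00:05 +0000] "GET /index.html HTTP/1.0" 200 1024',
    '192.0.2.66 - - [10/Apr/2000:10:01:00 +0000] "GET /cgi-bin/htimage.exe/' + 'A' * 741 + '?0,0 HTTP/1.0" 500 0',
    '192.0.2.12 - - [10/Apr/2000:10:02:00 +0000] "GET /_vti_bin/IMAGEMAP.EXE/x.map HTTP/1.0" 200 90',
]

if __name__ == '__main__':
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Once the two files have been deleted as recommended, any hit from scan_log, including a 'legacy-use' one, marks a client still requesting a CGI that should no longer exist.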