VID 21267
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description Microsoft FrontPage Server Extensions is affected by a buffer overflow and a denial of service vulnerability, the most serious of which could enable an attacker to run arbitrary code on a user's system.

The first vulnerability exists because of a buffer overrun in the remote debug functionality of FrontPage Server Extensions. This functionality enables users to remotely connect to a server running FrontPage Server Extensions and remotely debug content using, for example, Visual InterDev. An attacker who successfully exploited this vulnerability could run code with IWAM_machinename account privileges on an affected system, or could cause FrontPage Server Extensions to fail.

The second vulnerability is a denial of service vulnerability in the SmartHTML interpreter. This functionality is made up of a variety of dynamic link library files and exists to support certain types of dynamic web content. An attacker who successfully exploited this vulnerability could cause a server running FrontPage Server Extensions to temporarily stop responding to requests.

* References:
http://www.microsoft.com/technet/security/bulletin/ms03-051.asp

* Platforms Affected:
Windows 2000 SP2, SP3
Windows XP, Windows XP SP1
MS Office XP, MS Office XP Service Release 1
Recommendation Apply the appropriate patch for your system, as listed in Microsoft's security bulletin MS03-051 at http://www.microsoft.com/technet/security/bulletin/ms03-051.asp

1. Open the download page that matches your product:
For Microsoft FrontPage Server Extensions 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=C84C3D10-A821-4819-BF58-D3BC70A77BFA
For Microsoft FrontPage Server Extensions 2000 (Shipped with Windows 2000):
http://www.microsoft.com/downloads/details.aspx?FamilyId=057D5F0E-0E2B-47D2-9F0F-3B15DD8622A2
For Microsoft FrontPage Server Extensions 2000 (Shipped with Windows XP):
http://www.microsoft.com/downloads/details.aspx?FamilyId=9B302532-BFAB-489B-82DC-ED1E49A16E1C
For Microsoft FrontPage Server Extensions 2002:
http://www.microsoft.com/downloads/details.aspx?FamilyId=3E8A21D9-708E-4E69-8299-86C49321EE25
For Microsoft SharePoint Team Services 2002 (shipped with Office XP):
http://www.microsoft.com/downloads/details.aspx?FamilyId=5923FC2F-D786-4E32-8F15-36A1C9E0A340

2. Select a different language from the drop-down list and click the <Go> button.
3. Click the <Download> button to download the patch file.
4. Run the downloaded file to install the patch.

-- OR --

If FrontPage Server Extensions is not needed, uninstall it through Add or Remove Programs:
1. From the Start button, choose Control Panel.
2. Select Add or Remove Programs.
3. Select Add/Remove Windows Components.
4. Select "Internet Information Services (IIS)" and choose "Details".
5. Uncheck "FrontPage 2000 Server Extensions" and choose OK.
6. Choose Next in the Windows Components Wizard and choose Finish.
Related URL CVE-2003-0822, CVE-2003-0824 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)