VID 22087
Severity 40
Port 80, ...
Protocol TCP
Class WWW
Detailed Description A FrontPage Server Extensions sub-component is vulnerable to a remote buffer overflow attack.
The vulnerability results from an unchecked buffer in a sub-component of FrontPage Server Extensions called the Visual InterDev RAD Remote Deployment Support sub-component. A specially crafted request via 'fp30reg.dll' could allow a remote user to execute arbitrary commands in the context of IWAM_machinename on a host running IIS 5.0. On a host running IIS 4.0, it could allow the execution of arbitrary commands in the SYSTEM context.
FrontPage Server Extensions ship as part of IIS 4.0 and 5.0, and facilitate the development of Web sites and Web-based applications. FrontPage Server Extensions include an additional, optional sub-component called Visual Studio RAD (Remote Application Deployment) Support. This sub-component allows Visual InterDev 6.0 users to register and unregister COM objects on an IIS 4.0 or 5.0 server.
An attacker could exploit this vulnerability against any server with this sub-component installed by establishing a web session with the server and passing a malformed packet to the server component. The attacker could use that packet to load code of his choice for execution on the server. An attack that exploits this vulnerability would execute in the IUSR_machinename context. However, it is possible under certain circumstances to execute code in the SYSTEM context.
This is detailed in Microsoft Advisory MS01-035.

* References:
http://www.microsoft.com/technet/security/bulletin/MS01-035.asp
http://www.securityfocus.com/bid/2906
Recommendation Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS01-035 (https://technet.microsoft.com/library/security/ms01-035).

Download locations for this patch
* Microsoft Windows NT 4.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31038
* Microsoft Windows 2000:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30727
Related URL CVE-2001-0341 (CVE)