Unchecked Buffer in FrontPage Server Extensions (Visual InterDev RAD Remote Deployment Support)

vendor:

FrontPage Server Extensions

by:

NSFOCUS Security Team

7.5

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: FrontPage Server Extensions

Affected Version From: FrontPage Server Extensions (Visual InterDev RAD Remote Deployment Support) in IIS 5.0 and 4.0

Affected Version To: FrontPage Server Extensions (Visual InterDev RAD Remote Deployment Support) in IIS 5.0 and 4.0

Patch Exists: NO

Related CWE: Unknown

CPE: a:microsoft:iis:5.0, cpe:/a:microsoft:iis:4.0

Metasploit:

Other Scripts:

Platforms Tested:

2001

Unchecked Buffer in FrontPage Server Extensions (Visual InterDev RAD Remote Deployment Support)

A specially crafted request via 'fp30reg.dll' could allow a user to execute arbitrary commands in the context of IWAM_machinename on a host running IIS 5.0. A host running IIS 4.0 could allow the execution of arbitrary commands in the SYSTEM context.

Mitigation:

Apply the necessary patches and updates provided by the vendor.

Source

Unchecked Buffer in FrontPage Server Extensions (Visual InterDev RAD Remote Deployment Support)

Mitigation:

Exploit-DB raw data: