Microsoft FrontPage Extensions
| Attack ID: | CPAI-2003-41 |
| Publish Date: | |
| Category: | Microsoft FrontPage Extensions |
| Vulnerable Systems: | Microsoft Windows 2000 with Service Pack 1 and Service Pack 2; Microsoft Windows XP and Microsoft Windows XP with Service Pack 1; Microsoft Office XP and Microsoft Office XP with Service Release 1 |
| Source: | MS03-051 |
| Description: | Microsoft FrontPage is a set of tools that can be installed on a web server for designing, authoring and access control, allowing only authorized personnel access to content management functions. A buffer overrun exists in the debugging component of Microsoft FrontPage Extensions server, which gives an attacker the ability to run arbitrary code on the vulnerable machine. |
| Severity: | |
| Details: | By submitting a chunked-encoded POST request to the FrontPage debug module (fp30reg.dll), an attacker may gain the rights of the <IWAM_machinename> user, which may lead to arbitrary code execution or failure of the FrontPage Extensions. |
| Attack Detection: | SmartView Tracker can be used to identify attempts to access the fp30reg.dll module. A blocked attempt generates a log entry stating <URL Filter pattern detected>, and the exact request is shown in the Information field. |
| Solution: | Users of FireWall-1 NG with Application Intelligence and of FP3 should update SmartDefense to the latest version by pressing the Update Now / Update SmartDefense button in the General tab of the SmartDefense configuration menu.
To prevent this vulnerability, users deploying FireWall-1 NG with Application Intelligence should verify the following:
To prevent this vulnerability, users deploying FireWall-1 NG FP3 should configure the following:
Install the security policy on all modules for the changes to take effect. |
| Industry Reference: | |
| Additional Information: | nsecure.org |
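
The detection described above, flagging requests that reach fp30reg.dll, can be sketched as a request classifier. This is an added example, not Check Point's SmartDefense logic or code from the advisory; the function names, the `block`/`alert`/`pass` verdicts and the directory in the sample requests are assumptions, and the sample requests are constructed.

```python
from urllib.parse import unquote

TARGET = "fp30reg.dll"  # debug module named in the advisory

def parse_head(raw: bytes):
    """Split a raw HTTP request into (method, request-target, headers)."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split()
    if len(parts) < 2:
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # repeated headers are collected under one lower-cased name
            headers.setdefault(name.strip().lower(), []).append(value.strip().lower())
    return parts[0].upper(), parts[1], headers

def touches_debug_module(target: str) -> bool:
    """True if any path segment is fp30reg.dll after decoding and case-folding."""
    path = target.split("?", 1)[0]
    # Decode twice so a double-encoded name is still seen; IIS paths ignore case.
    path = unquote(unquote(path)).replace("\\", "/").lower()
    return TARGET in path.split("/")

def classify(raw: bytes) -> str:
    """Return 'block', 'alert' or 'pass' for one request."""
    try:
        method, target, headers = parse_head(raw)
    except ValueError:
        return "alert"
    if not touches_debug_module(target):
        return "pass"
    codings = [c.strip() for v in headers.get("transfer-encoding", []) for c in v.split(",")]
    if method == "POST" and "chunked" in codings:
        return "block"  # the request shape the advisory describes
    return "alert"      # any other access to the debug module is still logged

# Constructed sample requests (no real traffic; the directory path is an assumption).
SAMPLES = {
    "chunked_post": b"POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1\r\nHost: www.example.test\r\n"
                    b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    "encoded_name": b"POST /_vti_bin/_vti_aut/FP30REG%2Edll HTTP/1.1\r\nHost: www.example.test\r\n"
                    b"Transfer-Encoding: gzip, Chunked\r\n\r\n0\r\n\r\n",
    "plain_get": b"GET /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
    "other_page": b"POST /index.html HTTP/1.1\r\nHost: www.example.test\r\n"
                  b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

Normalizing the path before matching matters here: a filter that compares the raw request line would miss the percent-encoded, mixed-case form of the module name.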