FrontPage DoS and Path Exposure
Reported July 2, 2000 by
Dimitri van de Giessen

VERSIONS EFFECTED
FrontPage 2000 Server Extensions, version 1.0

DESCRIPTION

FrontPage server extensions will expose critical path information when errors occur while accessing certain DLL files related to the extensions. For example, accessing an invalid file through "_vti_bin/shtml.dll" will reveal path information.

The URL http://targetsystem/_vti_bin/shtml.dll/nosuch.htm would result in the error message "Cannot open D:\Inetpub\virtuals\powerasp\nosuch.htm: no such file or folder."

In addition, if numerous connections are established to the shtml.dll file, the server can be caused to utilize100% of its available CPU cycles

VENDOR RESPONSE

Microsoft is aware of these issues, which will be fixed in Version 1.2 of the FrontPage Server Extensions due for release "any time now" as of July 6, 2000.

CREDITS
Discovered and reported by Dimitri van de Giessen