Reported December 22, 2000 by Microsoft

VERSIONS AFFECTED
  • Microsoft FrontPage Server Extensions

DESCRIPTION

Microsoft FrontPage Server Extensions, which ship with Windows NT 4.0 and Windows 2000 Server, are vulnerable to a remote Denial of Service (DoS) attack. Due to the way FrontPage Server Extensions process Web forms, a malicious user can cause Microsoft IIS to stop responding by supplying malformed data to one of the FrontPage Server Extension objects.

VENDOR RESPONSE

Microsoft has released security bulletin MS00-100 and patches to address the issue.

For IIS 5.0 - http://download.microsoft.com/download/win2000platform/Patch/q280322/NT5/EN-US/Q280322_W2K_SP2_x86_en.EXE

For IIS 4.0 - http://download.microsoft.com/download/winntsrv40/Patch/q280322/NT4/EN-US/Q280322i.EXE

CREDIT
Discovered by
eEye Digital Security