Reported November 11, 2003, by Microsoft.

 

 

 

VERSIONS AFFECTED

 

·         Microsoft Office XP

·         Windows XP

·         Windows 2000

 

DESCRIPTION

 

Microsoft FrontPage Server Extensions contains two newly discovered vulnerabilities, the most serious of which can permit an attacker to run arbitrary code on a user's system. The first vulnerability is a result of a buffer overrun in FrontPage Server Extensions' remote debug functionality. The second vulnerability is a Denial of Service (DoS) condiiton in the SmartHTML interpreter. By exploiting these vulnerabilities, an attacker could cause a server running Front Page Server Extensions to temporarily stop responding to requests.

 

VENDOR RESPONSE

 

Microsoft has released security bulletin MS03-051, "Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)," to address these vulnerabilities and recommends that affected users immediately apply the appropriate patch listed in the bulletin.

 

CREDIT

 

Discovered by Brett Moore of Security-Assessment.com.