Unchecked Buffer in FrontPage Server Extension Sub-Component RAD

Reported June 22, 2001, by Microsoft.

VERSIONS AFFECTED

 

  • Microsoft Visual Studio RAD Support in FrontPage Server Extensions

 

DESCRIPTION
A buffer overflow condition exists in the optional sub-component of the FrontPage server extension called Visual Studio RAD (Remote Application Deployment) Support. This sub-component contains an unchecked buffer in a section that processes input information. An attacker can exploit this vulnerability to execute code on the server by sending a specially malformed packet to this component; the code executes under the IUSR_machinename security context. Under the right circumstances, the attacker can also run the code under the system’s security context, letting the attacker take any desired action on the server, including assuming full control of the server. This optional component of the FrontPage server extensions is not part of the default installation.

 

VENDOR RESPONSE

The vendor, Microsoft, has released security bulletin MS01-035 for this vulnerability and recommends that users of this optional component immediately apply the patch mentioned in the bulletin.

 

CREDIT
Discovered by NSfocus.
