Reported June 22, 2001, by Microsoft.
Microsoft Visual Studio RAD Support in FrontPage Server Extensions
A buffer overflow condition exists in the in the optional sub-component of the FrontPage server extension called Visual Studio RAD (Remote Application Deployment) Support. This sub-component contains an unchecked buffer in a section that processes input information. An attacker can exploit this vulnerability to execute code on the server by sending a specially malformed packet to this component and can execute this cocd under the IUSR_machinename security context. Under the right circumstances, the attacker can also run the code under the system’s security context, letting the attacker take any desired action on the server, including assuming full control of server. This optional component of the FrontPage server extensions is not part of the default installation.
Discovered by NSfocus.