Arbitrary Code Execution Vulnerability in Microsoft FrontPage Server Extensions

Reported November 11, 2003, by Microsoft.






·         Microsoft Office XP

·         Windows XP

·         Windows 2000




Microsoft FrontPage Server Extensions contains two newly discovered vulnerabilities, the most serious of which can permit an attacker to run arbitrary code on a user's system. The first vulnerability is a result of a buffer overrun in FrontPage Server Extensions' remote debug functionality. The second vulnerability is a Denial of Service (DoS) condiiton in the SmartHTML interpreter. By exploiting these vulnerabilities, an attacker could cause a server running Front Page Server Extensions to temporarily stop responding to requests.




Microsoft has released security bulletin MS03-051, "Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)," to address these vulnerabilities and recommends that affected users immediately apply the appropriate patch listed in the bulletin.




Discovered by Brett Moore of

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.