Gotta Love FrontPage?

Printable View

November 14th, 2003, 02:32 AM
Tedob1

Gotta Love FrontPage?

its hard to beleive that frontpage is still being used.

Ah its new and improved with increased securiry. No more double dot and no more null password problems. well the folks at Kotik (i know its not spelled right) have today released code for MS03-051, that:

Binds persistent command shell on port 9999

Windows 2000 Professional SP3 English version
(fp30reg.dll ver 4.0.2.5526)

-[ 13/Nov/2003 ]-

Actually the code isnt the only way to open a hole:

Another vulnerability exists because of a buffer overrun in the remote debug functionality of FrontPage Server Extensions. This functionality enables users to remotely connect to a server running FrontPage Server Extensions and remotely debug content using, for example, Visual Interdev. An attacker who successfully exploited this vulnerability could be able to run code with IWAM_machinename account privileges on an affected system.

<<<<<<<<<<<<<<<<<<<<<-=O=->>>>>>>>>>>>>>>>>>>>>>

<< <please take note...the web-site only has to have the server extionsions installed to be vulnerable. Win2k has then installed by default >>

<<<<<<<<<<<<<<<<<<<<<-=O=->>>>>>>>>>>>>>>>>>>>>>

The information in this article applies to:

FrontPage 2000 Server Extensions from Microsoft
FrontPage 2002 Server Extensions from Microsoft
SharePoint Team Services from Microsoft
Microsoft Office XP

Work around:

remove front page server extentions. how many times do you have to be told?

or (if you must)

get the patches and learn more:

http://www.microsoft.com/technet/tre...n/MS03-051.asp

in-f#$%ing-credable
November 14th, 2003, 03:26 AM
Jehnny

Hehe, thanks for posting mate. I don't think they're ever gonna get this one right.. *sigh*
November 14th, 2003, 06:27 AM
D0pp139an93r

/me shakes my head.

If it wasn't for Microsoft and all their "features", I wouldn't make half of the money I do right now. Tomorrow I have to go remove a trojan from a lady's computer. (If there is one, I'm not quite sure from what she was sayin...But she's convinced there is one.)

Besides, the user is just as responsible as the software maker when it comes to security. The information is out there, people need to learn to stop looking at brand names and do some research on their own. This is just another example of why people need to keep up with security updates.

*cough* Linux *cough*
LOL.
November 14th, 2003, 07:45 AM
allenb1963

Come on Bill, say it...you'll feel better, it'll be a liberating experience. Come on Bill, you won't regret it....

"Dream Weaver is good....Dream Weaver IS good."

There, you see? Doesn't that feel better?

No Bill...you can't go buy the company...you don't want anymore of that nasty business with the FTC do you? Now get back on the couch and lets talk about a little thing called Linux....
November 14th, 2003, 08:06 AM
Lansing_Banda

Too late www.mslinux.com

edit: make that a .org
www.mslinux.org
November 14th, 2003, 04:11 PM
InfiniteL00p

"MS Linux is released under the provisions of the Gates Private License, which means you can freely use this Software on a single machine without warranty after having paid the purchase price and annual renewal fees."

That's great! Hahah!

Good notes about FrontPage. Stoped using it some time back. Shame though, it was so easy if you didn't want to deal with scripting and coding for small updates and changes. Macromedia kicks butt, tho.

l00p
November 14th, 2003, 05:32 PM
Tedob1

ms should get involved in germ warfare. they just might stumble accross a cure for everything
November 14th, 2003, 11:38 PM
Soda_Popinsky

I use Adobe GoLive, I hear Dreamweaver is awesome as well, but whats frontpage like? Is it easy to use or something?
November 15th, 2003, 12:34 AM
Tedob1

frontpage is allot like using ms-word. if you can use office you can use frontpage. its that easy. its just NEVER been secure.

i had a friend build a site in DW4. asked me to check it out. it opened in frontpage allowed me to change anything i wanted and all because the extentions were installed by default. with no password. he didn't even know they were there.

although the ways of exploiting fp are becoming more complicated the fact is there always seems to be ways.
November 15th, 2003, 12:55 AM
AzynchriX

FrontPage * new and improved * LOL :-) [DUH..]
November 15th, 2003, 06:00 PM
souleman

Quote:

Originally posted here by Tedob1
ms should get involved in germ warfare. they just might stumble accross a cure for everything

Yeah, they probably would find a cure for everything. The only problem is that in the process, it would lower our platelet count, so if you got apaper cut, you would bleed to death..... you konw there has to be a hole in there cure someplace.