its hard to beleive that frontpage is still being used.
Ah its new and improved with increased securiry. No more double dot and no more null password problems. well the folks at Kotik (i know its not spelled right) have today released code for MS03-051, that:
Binds persistent command shell on port 9999
Windows 2000 Professional SP3 English version
(fp30reg.dll ver 4.0.2.5526)
-[ 13/Nov/2003 ]-
Actually the code isnt the only way to open a hole:
Another vulnerability exists because of a buffer overrun in the remote debug functionality of FrontPage Server Extensions. This functionality enables users to remotely connect to a server running FrontPage Server Extensions and remotely debug content using, for example, Visual Interdev. An attacker who successfully exploited this vulnerability could be able to run code with IWAM_machinename account privileges on an affected system.
<<<<<<<<<<<<<<<<<<<<<-=O=->>>>>>>>>>>>>>>>>>>>>>
<< <please take note...the web-site only has to have the server extionsions installed to be vulnerable. Win2k has then installed by default >>
<<<<<<<<<<<<<<<<<<<<<-=O=->>>>>>>>>>>>>>>>>>>>>>
The information in this article applies to:
FrontPage 2000 Server Extensions from Microsoft
FrontPage 2002 Server Extensions from Microsoft
SharePoint Team Services from Microsoft
Microsoft Office XP
Work around:
remove front page server extentions. how many times do you have to be told?
or (if you must)
get the patches and learn more:
http://www.microsoft.com/technet/tre...n/MS03-051.asp
in-f#$%ing-credable
Reply With Quote