The passwords that can get grabbed are the FrontPage administrator passwords for making changes to or even building a web site. This can be done remotely. In unpatched versions no user name or password is required if none have been entered.
IIS FrontPage extensions are installed by default, so even if one is wise enough not to use FrontPage to build the site, the extensions may still allow someone using FrontPage remotely to do anything they want to your site.
A friend of mine built a site with Dreamweaver. He asked me to check the security on it. The first thing I did was open it in FrontPage. The login box came up and I hit enter without filling it in. So I renamed his index page and put one of my own in and saved the changes. He was rather embarrassed, and I was sorry after I did it for acting like an ass instead of just telling him. But at least the whole world and the boss didn’t see it.
Passwords (sometimes) and the local drive and path to the web directory can be read with an html GET request to the correct file.
Frontpage.pl takes a list of servers, previously gotten by scanning an IP range for port 80, then loops through them looking for IIS servers that are unpatched. It doesn’t attempt to hack into them, it just tells you which ones they are. If you apply the patches (old ones at that) it will close these holes, but chances are if your server was unpatched for these 2, you’re probably open to the Unicode exploit. More than likely your computer has been owned by a few others. And more than likely it has a Trojan or two feeling quite at home there. You might find some full-length movies in rar file format buried deep in the winnt directory, or some porn and some warez if you’re on broadband.
If I were you I’d download the latest service pack for your machine, burn it onto CD, format, reinstall, then apply the service pack before I reconnected the machine to the internet. Then go and get any hot fixes that weren’t on it from the MS update site.
Another site to check is http://www.packetstormsecurity.org/



