Gotta Love FrontPage?

[Tedob1]

its hard to beleive that frontpage is still being used.

Ah its new and improved with increased securiry. No more double dot and no more null password problems. well the folks at Kotik (i know its not spelled right) have today released code for MS03-051, that:

Binds persistent command shell on port 9999

Windows 2000 Professional SP3 English version
(fp30reg.dll ver 4.0.2.5526)

-[ 13/Nov/2003 ]-

Actually the code isnt the only way to open a hole:

Another vulnerability exists because of a buffer overrun in the remote debug functionality of FrontPage Server Extensions. This functionality enables users to remotely connect to a server running FrontPage Server Extensions and remotely debug content using, for example, Visual Interdev. An attacker who successfully exploited this vulnerability could be able to run code with IWAM_machinename account privileges on an affected system.


<<<<<<<<<<<<<<<<<<<<<-=O=->>>>>>>>>>>>>>>>>>>>>>

<< <please take note...the web-site only has to have the server extionsions installed to be vulnerable. Win2k has then installed by default >>

<<<<<<<<<<<<<<<<<<<<<-=O=->>>>>>>>>>>>>>>>>>>>>>


The information in this article applies to:

FrontPage 2000 Server Extensions from Microsoft
FrontPage 2002 Server Extensions from Microsoft
SharePoint Team Services from Microsoft
Microsoft Office XP


Work around:

remove front page server extentions. how many times do you have to be told?

or (if you must)

get the patches and learn more:

http://www.microsoft.com/technet/tre...n/MS03-051.asp

in-f#$%ing-credable

[Jehnny]

Hehe, thanks for posting mate. I don't think they're ever gonna get this one right.. *sigh*

[D0pp139an93r]

/me shakes my head.

If it wasn't for Microsoft and all their "features", I wouldn't make half of the money I do right now. Tomorrow I have to go remove a trojan from a lady's computer. (If there is one, I'm not quite sure from what she was sayin...But she's convinced there is one.)

Besides, the user is just as responsible as the software maker when it comes to security. The information is out there, people need to learn to stop looking at brand names and do some research on their own. This is just another example of why people need to keep up with security updates.

*cough* Linux *cough*
LOL.

[allenb1963]

Come on Bill, say it...you'll feel better, it'll be a liberating experience. Come on Bill, you won't regret it....

"Dream Weaver is good....Dream Weaver IS good."

There, you see? Doesn't that feel better?

No Bill...you can't go buy the company...you don't want anymore of that nasty business with the FTC do you? Now get back on the couch and lets talk about a little thing called Linux....

[Lansing_Banda]

Too late www.mslinux.com

edit: make that a .org
www.mslinux.org

[InfiniteL00p]

"MS Linux is released under the provisions of the Gates Private License, which means you can freely use this Software on a single machine without warranty after having paid the purchase price and annual renewal fees."

That's great! Hahah!

Good notes about FrontPage. Stoped using it some time back. Shame though, it was so easy if you didn't want to deal with scripting and coding for small updates and changes. Macromedia kicks butt, tho.

l00p

[Tedob1]

ms should get involved in germ warfare. they just might stumble accross a cure for everything

[Soda_Popinsky]

I use Adobe GoLive, I hear Dreamweaver is awesome as well, but whats frontpage like? Is it easy to use or something?

[Tedob1]

frontpage is allot like using ms-word. if you can use office you can use frontpage. its that easy. its just NEVER been secure.

i had a friend build a site in DW4. asked me to check it out. it opened in frontpage allowed me to change anything i wanted and all because the extentions were installed by default. with no password. he didn't even know they were there.

although the ways of exploiting fp are becoming more complicated the fact is there always seems to be ways.

[AzynchriX]

FrontPage * new and improved * LOL :-) [DUH..]