Make Homepage | Add To Favorites | Print Page | Submit News | Feedback | Contact | 

Your Technical Computer Information Resource!  
     
  Technical Updates @ TACKtech Corp.  

11.12.2003 - MS03-051: Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)



View Microsoft-Office related news. This bulletin addresses two new security vulnerabilities in Microsoft FrontPage Server Extensions, the most serious of which could enable an attacker to run arbitrary code on a user's system.

The first vulnerability exists because of a buffer overrun in the remote debug functionality of FrontPage Server Extensions. This functionality enables users to remotely connect to a server running FrontPage Server Extensions and remotely debug content using, for example, Visual Interdev. An attacker who successfully exploited this vulnerability could be able to run code with Local System privileges on an affected system, or could cause FrontPage Server Extensions to fail. The attacker could then take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges.

The second vulnerability is a Denial of Service vulnerability that exists in the SmartHTML interpreter. This functionality is made up of a variety of dynamic link library files, and exists to support certain types of dynamic web content. An attacker who successfully exploited this vulnerability could cause a server running Front Page Server Extensions to temporarily stop responding to requests.

- Download FrontPage Server Extensions 2000 Patch
- Download FrontPage Server Extensions 2000 (Shipped with Windows 2000) Patch
- Download FrontPage Server Extensions 2000 (Shipped with Windows XP)
- Download FrontPage Server Extensions 2002 Patch
- Download SharePoint Team Services 2002 (shipped with Office XP) Patch
- View Microsoft Knowledge Base Article - 813360
- View Microsoft Security Bulletin
- Visit Microsoft Corporation

NID: 1707 / Submitted by: Travis
Categories: Microsoft, Patches and Updates
Most recent Microsoft-Office related news.
Update for Microsoft Office Outlook 2007 Junk Email Filter (December 2010) (KB2466076)
MS09-030 - Important: Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516)
MS09-017 - Critical: Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340)
MS09-009 - Critical: Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)
MS09-010 - Critical: Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
View archive of Microsoft-Office related news.

Visit the TACKtech Shop
  Popular Tech News  
  Most Viewed News  
  Top Affiliates  
........