Vulnerabilities > CVE-2003-0824 - Unspecified vulnerability in Microsoft products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 | |
OS | 5 |
Nessus
NASL family | Web Servers |
NASL id | FRONTPAGE_CHUNKED_OVERFLOW.NASL |
description | The remote Microsoft FrontPage server seems vulnerable to a remote buffer overflow. Exploitation of this bug could give an unauthorized user access to the machine. The following systems are known to be vulnerable: Microsoft Windows 2000 Service Pack 2, Service Pack 3 Microsoft Windows XP, Microsoft Windows XP Service Pack 1 Microsoft Office XP, Microsoft Office XP Service Release 1. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11923 |
published | 2003-11-12 |
reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11923 |
title | Microsoft FrontPage Server Extensions (fp30reg.dll) Debug Function Remote Overflow (MS03-051 / 813360) |
code |
|
Oval
accepted 2011-05-16T04:02:41.914-04:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Tiffany Bergeron organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Anna Min organization BigFix, Inc name Glenn Strickland organization Secure Elements, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request. family windows id oval:org.mitre.oval:def:308 status accepted submitted 2003-12-09T12:00:00.000-04:00 title MS FrontPage Server Extensions SmartHTML Denial of Service (Test 1) version 13 accepted 2008-03-24T04:00:49.284-04:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Glenn Strickland organization Secure Elements, Inc. name Jonathan Baker organization The MITRE Corporation
definition_extensions comment Microsoft Windows NT is installed oval oval:org.mitre.oval:def:36 description Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request. family windows id oval:org.mitre.oval:def:591 status accepted submitted 2003-12-09T12:00:00.000-04:00 title MS FrontPage Server Extensions SmartHTML Denial of Service (Test 2) version 25 accepted 2011-05-16T04:03:15.195-04:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Glenn Strickland organization Secure Elements, Inc. name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request. family windows id oval:org.mitre.oval:def:606 status accepted submitted 2003-12-09T12:00:00.000-04:00 title MS FrontPage Server Extensions SmartHTML Denial of Service (Test 3) version 14 accepted 2016-02-19T10:00:00.000-04:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Glenn Strickland organization Secure Elements, Inc. name Jonathan Baker organization The MITRE Corporation name Jonathan Baker organization The MITRE Corporation name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
definition_extensions comment Microsoft Windows NT is installed oval oval:org.mitre.oval:def:36 description Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request. family windows id oval:org.mitre.oval:def:625 status accepted submitted 2003-12-09T12:00:00.000-04:00 title MS FrontPage Server Extensions SmartHTML Denial of Service (Test 4) version 25 accepted 2016-02-19T10:00:00.000-04:00 class vulnerability contributors name Andrew Buttner organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Glenn Strickland organization Secure Elements, Inc. name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request. family windows id oval:org.mitre.oval:def:762 status accepted submitted 2003-12-09T12:00:00.000-04:00 title MS FrontPage Server Extensions SmartHTML Denial of Service (Test 5) version 10
Seebug
bulletinFamily | exploit |
description | <p><strong>漏洞描述:</strong></p><p>Microsoft FrontPage服务器扩展是Microsoft公司开发的用于加强IIS Web服务器的功能的软件包。Microsoft FrontPage Server Extensions存在两个新的安全漏洞,可导致远程攻击者可以利用这个漏洞进行缓冲区溢出攻击,可能以FrontPage进程权限在系统上执行任意指令。 第一个漏洞是由于FrontPage服务扩展的远程调试功能上存在缓冲区溢出,这个功能用于用户远程连接FrontPage服务扩展的服务器和远程调试内容使用,如Visual Interdev。攻击者成功利用这个漏洞可以以本地SYSTEM权限在系统上执行任意指令,然后在系统上执行任意操作,如安装程序,查看更改或删除数据,建立拥有全部权限的帐户等。 第二个漏洞存在与SmartHTML解析器中,提供对WEB表单和其他基于FrontPage动态内容的支持,攻击者利用这个漏洞可以使运行FrontPage服务扩展的服务器临时停止对正常请求的响应。</p><p><strong>漏洞影响:</strong></p><p>受影响的系统:</p><p> •Microsoft Windows 2000 Service Pack 2, Service Pack 3</p><p>•Microsoft Windows XP, Microsoft Windows XP Service Pack 1</p><p>•Microsoft Windows XP 64-Bit Edition, Microsoft Windows XP 64-Bit Edition Service Pack 1</p><p>•Microsoft Office XP, Microsoft Office XP Service Pack 1, Service Pack 2</p><p>•Microsoft Office 2000 Server Extensions</p><p>不受影响的系统: </p><p>•Microsoft Windows Millennium Edition </p><p>•Microsoft Windows NT Workstation 4.0, Service Pack 6a </p><p>•Microsoft Windows NT Server 4.0, Service Pack 6a </p><p>•Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6 </p><p>•Microsoft Windows 2000 Service Pack 4 </p><p>•Microsoft Windows XP 64-Bit Edition Version 2003 </p><p>•Microsoft Windows Server 2003 (Windows SharePoint Services) </p><p>•Microsoft Windows Server 2003 64-Bit Edition (Windows SharePoint Services)</p><p>•Microsoft Office System 2003 </p><p>Affected Components: </p><p>•Microsoft FrontPage Server Extensions 2000 (For Windows NT4) and Microsoft Office 2000 Server Extensions (Shipped with Office 2000)</p><p>•Microsoft FrontPage Server Extensions 2000 (Shipped with Windows 2000)</p><p>•Microsoft FrontPage Server Extensions 2000 (Shipped with Windows XP) </p><p>•Microsoft FrontPage Server Extensions 2000 64-bit (Shipped with Windows XP 64-bit)</p><p>•Microsoft FrontPage Server Extensions 2002 </p><p>•Microsoft SharePoint Team Services 2002 (Shipped with Office XP)</p><p><strong>CVE-ID:CVE-2003-0822,CVE-2003-0824 </strong></p><p><strong>CNNVD-ID:CNNVD-200312-061,CNNVD-200312-053</strong></p><p><strong>CNVD-ID:CNVD-2003-3292</strong> </p><p><strong></strong> </p><p><strong>解决方案:</strong></p><p>Microsoft </p><p>--------- </p><p>Microsoft已经为此发布了一个安全公告(MS03-051)以及相应补丁:</p><p>MS03-051:Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)链接:<a href="http://www.microsoft.com/technet/security/bulletin/MS03-051.asp">http://www.microsoft.com/technet/security/bulletin/MS03-051.asp</a></p><p>补丁下载:Microsoft FrontPage Server Extensions 2000 <a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=C84C3D10-A821-4819-BF58-D3BC70A77BFA&displaylang=en">http://www.microsoft.com/downloads/details.aspx?FamilyId=C84C3D10-A821-4819-BF58-D3BC70A77BFA&displaylang=en</a> </p><p>Microsoft FrontPage Server Extensions 2000 (Shipped with Windows 2000) <a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=057D5F0E-0E2B-47D2-9F0F-3B15DD8622A2&displaylang=en">http://www.microsoft.com/downloads/details.aspx?FamilyId=057D5F0E-0E2B-47D2-9F0F-3B15DD8622A2&displaylang=en</a> </p><p>Microsoft FrontPage Server Extensions 2000 (Shipped with Windows XP) <a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=9B302532-BFAB-489B-82DC-ED1E49A16E1C&displaylang=en">http://www.microsoft.com/downloads/details.aspx?FamilyId=9B302532-BFAB-489B-82DC-ED1E49A16E1C&displaylang=en</a> </p><p>Microsoft FrontPage Server Extensions 2002 <a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=3E8A21D9-708E-4E69-8299-86C49321EE25&displaylang=en">http://www.microsoft.com/downloads/details.aspx?FamilyId=3E8A21D9-708E-4E69-8299-86C49321EE25&displaylang=en</a> </p><p>Microsoft SharePoint Team Services 2002 (shipped with Office XP) <a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=5923FC2F-D786-4E32-8F15-36A1C9E0A340&displaylang=en">http://www.microsoft.com/downloads/details.aspx?FamilyId=5923FC2F-D786-4E32-8F15-36A1C9E0A340&displaylang=en</a></p> |
id | SSV:13803 |
last seen | 2017-11-19 |
modified | 2003-11-13 |
published | 2003-11-13 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-13803 |
title | MS Frontpage Server Extensions fp30reg.dll Exploit (MS03-051) |
References
- http://secunia.com/advisories/10195
- http://www.kb.cert.org/vuls/id/179012
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-051
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13680
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A308
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A591
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A606
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A625
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A762