Vulnerabilities > CVE-2006-0015 - Cross-Site Scripting vulnerability in Microsoft products

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
microsoft
nessus
exploit available

Summary

Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.

Vulnerable Configurations

Part Description Count
Application
Microsoft
2

Exploit-Db

descriptionMicrosoft FrontPage Server Extensions Cross-Site Scripting Vulnerability. CVE-2006-0015. Webapps exploit for cgi platform
idEDB-ID:27620
last seen2016-02-03
modified2006-04-11
published2006-04-11
reporterEsteban Martinez Fayo
sourcehttps://www.exploit-db.com/download/27620/
titleMicrosoft FrontPage Server Extensions Cross-Site Scripting Vulnerability

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_C0171F59EA8A11DABE02000C6EC775D9.NASL
    descriptionEsteban Martinez Fayo reports : The FrontPage Server Extensions 2002 (included in Windows Sever 2003 IIS 6.0 and available as a separate download for Windows 2000 and XP) has a web page /_vti_bin/_vti_adm/fpadmdll.dll that is used for administrative purposes. This web page is vulnerable to cross site scripting attacks allowing an attacker to run client-side script on behalf of an FPSE user. If the victim is an administrator, the attacker could take complete control of a Front Page Server Extensions 2002 server. To exploit the vulnerability an attacker can send a specially crafted e-mail message to a FPSE user and then persuade the user to click a link in the e-mail message. In addition, this vulnerability can be exploited if an attacker hosts a malicious website and persuade the user to visit it.
    last seen2020-06-01
    modified2020-06-02
    plugin id21591
    published2006-05-24
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21591
    titleFreeBSD : frontpage -- XSS vulnerability (c0171f59-ea8a-11da-be02-000c6ec775d9)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21591);
      script_version("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:38");
    
      script_cve_id("CVE-2006-0015");
    
      script_name(english:"FreeBSD : frontpage -- XSS vulnerability (c0171f59-ea8a-11da-be02-000c6ec775d9)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Esteban Martinez Fayo reports :
    
    The FrontPage Server Extensions 2002 (included in Windows Sever 2003
    IIS 6.0 and available as a separate download for Windows 2000 and XP)
    has a web page /_vti_bin/_vti_adm/fpadmdll.dll that is used for
    administrative purposes. This web page is vulnerable to cross site
    scripting attacks allowing an attacker to run client-side script on
    behalf of an FPSE user. If the victim is an administrator, the
    attacker could take complete control of a Front Page Server Extensions
    2002 server.
    
    To exploit the vulnerability an attacker can send a specially crafted
    e-mail message to a FPSE user and then persuade the user to click a
    link in the e-mail message.
    
    In addition, this vulnerability can be exploited if an attacker hosts
    a malicious website and persuade the user to visit it."
      );
      # http://marc.theaimsgroup.com/?l=bugtraq&m=114487846329000
      script_set_attribute(
        attribute:"see_also",
        value:"https://marc.info/?l=bugtraq&m=114487846329000"
      );
      # http://www.microsoft.com/technet/security/bulletin/MS06-017.mspx
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?319d9c31"
      );
      # http://www.rtr.com/fpsupport/fpse_release_may_2_2006.htm
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?909c12a8"
      );
      # https://vuxml.freebsd.org/freebsd/c0171f59-ea8a-11da-be02-000c6ec775d9.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d0dc6b69"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:frontpage");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mod_frontpage13");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mod_frontpage20");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mod_frontpage21");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mod_frontpage22");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/05/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"frontpage<5.0.2.4803")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"mod_frontpage13<5.0.2.4803")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"mod_frontpage20<5.0.2.4803")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"mod_frontpage21<5.0.2.4803")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"mod_frontpage22<5.0.2.4803")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyWindows : Microsoft Bulletins
    NASL idFRONTPAGE_FPADMDLL_XSS.NASL
    descriptionThe version of Microsoft FrontPage Server Extensions 2002 / SharePoint Team Services on the remote host is affected by a cross-site scripting (XSS) vulnerability due to improper sanitization of user-supplied input to the
    last seen2020-06-01
    modified2020-06-02
    plugin id21247
    published2006-04-21
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21247
    titleMS06-017: FrontPage fpadmdll.dll Multiple Parameter XSS (917627)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21247);
      script_version("1.30");
      script_cvs_date("Date: 2018/11/15 20:50:32");
    
      script_cve_id("CVE-2006-0015");
      script_bugtraq_id(17452);
      script_xref(name:"MSFT", value:"MS06-017");
      script_xref(name:"MSKB", value:"908981");
      script_xref(name:"MSKB", value:"911701");
      script_xref(name:"MSKB", value:"911831");
    
      script_name(english:"MS06-017: FrontPage fpadmdll.dll Multiple Parameter XSS (917627)");
      script_summary(english:"Checks version of FrontPage's fpadmdll.dll.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server contains a server extension that is affected by
    a cross-site scripting vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of Microsoft FrontPage Server Extensions 2002 / SharePoint
    Team Services on the remote host is affected by a cross-site scripting
    (XSS) vulnerability due to improper sanitization of user-supplied
    input to the 'operation', 'command', and 'name' parameters to file
    /_vti_bin/_vti_adm/fpadmdll.dll before using the input to generate
    dynamic HTML. A remote attacker can exploit this issue to cause
    arbitrary HTML and script code to be executed in a user's browser
    session in the context of the affected website.");
      script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2006/ms06-017");
      script_set_attribute(attribute:"solution", value:
    "Microsoft has released a set of patches for Frontapage 2002 for XP and
    2003.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/04/21");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:frontpage_server_extensions");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows : Microsoft Bulletins");
    
      script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
    
      script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
      script_require_keys("SMB/MS_Bulletin_Checks/Possible");
      script_require_ports(139, 445, 'Host/patch_management_checks');
    
      exit(0);
    }
    
    include("smb_func.inc");
    include("smb_hotfixes.inc");
    include("smb_hotfixes_fcheck.inc");
    include("misc_func.inc");
    
    bulletin = 'MS06-017';
    kbs = make_list("908981", "911831", "911701");
    
    if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);
    
    
    if (hotfix_check_sp(xp:3, win2003:2) <= 0) exit(0);
    fp_root = get_kb_item ("Frontpage/2002/path");
    if (!fp_root) exit (0);
    
    if (is_accessible_share())
    {
      if (hotfix_check_fversion(file:"fpadmdll.dll", path:fp_root + "\isapi\_vti_adm", version:"10.0.6790.0") == HCF_OLDER)
      {
        security_warning(get_kb_item("SMB/transport"));
        set_kb_item(name: 'www/0/XSS', value: TRUE);
      }
      hotfix_check_fversion_end();
    }
    else if (
      hotfix_missing(name:"908981") > 0 &&
      hotfix_missing(name:"911831") > 0 &&
      hotfix_missing(name:"911701") > 0
    ) {
      security_warning(get_kb_item("SMB/transport"));
      set_kb_item(name:"SMB/Missing/MS06-017", value:TRUE);
      set_kb_item(name: 'www/0/XSS', value: TRUE);
      }
    

Oval

accepted2015-08-10T04:00:22.654-04:00
classvulnerability
contributors
  • nameRobert L. Hollis
    organizationThreatGuard, Inc.
  • nameo
    organizationALTX-SOFT
definition_extensions
commentMicrosoft FrontPage Server Extensions 2002 is installed
ovaloval:org.mitre.oval:def:28542
descriptionCross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
familywindows
idoval:org.mitre.oval:def:1748
statusaccepted
submitted2006-04-13T02:47:00.000-04:00
titleFPSE XSS Vulnerability
version4