Description: Microsoft has issued patches for FrontPage Server Extensions. These fix two vulnerabilities, which can allow malicious people to execute arbitrary code or cause a Denial of Service.
A boundary error in "fp30reg.dll" when handling chunked-encoded POST requests can be exploited to cause a buffer overflow, which may allow execution of arbitrary code with SYSTEM privileges.
It is possible to cause certain SmartHTML (WebBots) to consume all available CPU resources for a short period of time through malicious HTTP requests.
The vulnerabilities affect Microsoft FrontPage Server Extensions 2000 and 2002 (except Windows 2000 systems with Service Pack 4 installed).
Provided and/or discovered by: Brett Moore of Security-Assessment.com
Changelog: 2003-11-12: Updated information released.
2003-11-13: Added link to CERT.
2003-11-14: Updated credits section.
2003-11-17: Added another link to CERT.