Title: Microsoft FrontPage Server Extensions MS-DOS Device Name Denial Of Service Vulnerability
Severity: MODERATE
Description:
It is possible to remotely crash a system running Microsoft FrontPage Server Extensions by requesting a URL that references an MS-DOS device through shtml.exe. For example, the following URL requests will crash FrontPage Server Extensions:
http://target/_vti_bin/shtml.exe/comX.htm (X being one of 1, 2, 3, or 4; the device must exist on the target machine)
http://target/_vti_bin/shtml.exe/prn.htm
http://target/_vti_bin/shtml.exe/aux.htm
The device name must have an appended extension in order for the exploit to work. In addition to the HTM extension, ASP will work as well. Restarting IIS or rebooting the system is required in order to regain normal functionality.
Testing has shown that it may require a constant stream of these requests in order to render the server ineffective.
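As an added example (not part of the original advisory), the following Python scans IIS W3C extended log lines for the request pattern described above and reports clients that repeat it, reflecting the note that a constant stream of requests may be needed. The log field layout, sample entries, addresses and threshold are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Device names listed in the advisory (com1-com4, prn, aux) followed by an
# appended extension. The advisory names .htm and .asp; matching any
# extension is an assumption made here to keep the check conservative.
DEVICE_REQUEST = re.compile(
    r"^/_vti_bin/shtml\.exe/(com[1-4]|prn|aux)\.[a-z0-9]+$", re.IGNORECASE
)

def is_device_request(uri_stem):
    """True if the URI path asks shtml.exe for an MS-DOS device name."""
    return bool(DEVICE_REQUEST.match(unquote(uri_stem)))

def scan_w3c_log(lines, threshold=3):
    """Return {client_ip: hit_count} for clients at or above threshold."""
    fields, hits = [], Counter()
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if is_device_request(row.get("cs-uri-stem", "")):
            hits[row.get("c-ip", "?")] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

# Constructed sample log (documentation-range addresses, invented timestamps).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2000-01-01 10:00:01 192.0.2.10 GET /_vti_bin/shtml.exe/prn.htm 500
2000-01-01 10:00:01 192.0.2.10 GET /_vti_bin/shtml.exe/aux.asp 500
2000-01-01 10:00:02 192.0.2.10 GET /_vti_bin/shtml.exe/COM1.htm 500
2000-01-01 10:00:03 198.51.100.7 GET /_vti_bin/shtml.exe/index.htm 200
2000-01-01 10:00:04 198.51.100.7 GET /_vti_bin/shtml.exe/prn.htm 500
"""

if __name__ == "__main__":
    print(scan_w3c_log(SAMPLE_LOG.splitlines()))
```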
Affected Products:
- Microsoft FrontPage 2000 Server Extensions SR 1.1
References:
- SecurityFocus: Microsoft Windows 95/98 MS-DOS Device Name DoS Vulnerability