HTTP: Microsoft Frontpage MS-DOS Device Name DoS
This signature detects attempts to exploit a known vulnerability in Microsoft Frontpage. Attackers can send a malformed request with an MS-DOS device name to shtml.exe to crash the server.
Extended Description
It is possible to remotely crash a system running Microsoft FrontPage Server Extensions by conducting a URL request for a MS-DOS device through shtml.exe. For example, the following URL requests will crash FrontPage Server Extensions: http://target/_vti_bin/shtml.exe/comX.htm (X being one of 1, 2 ,3, or 4; the device must exist on the target machine) http://target/_vti_bin/shtml.exe/prn.htm http://target/_vti_bin/shtml.exe/aux.htm The device name must have an appended extension in order for the exploit to work. In addition to the HTM extension, ASP will work as well. Restarting IIS or rebooting the system is required in order to regain normal functionality. Testing has shown that it may require a constant stream of these requests in order to render the server ineffective.
Affected Products
Microsoft frontpage_2000_server_extensions
References
BugTraq: 1608
CVE: CVE-2000-0710
URL: http://www.securityfocus.com/bid/1043 http://www.juniper.net/security/auto/vulnerabilities/vuln2008.html
Short Name
HTTP:FRONTPAGE:DOS-NAME-DOS
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2000-0709 CVE-2000-0710 Device DoS Frontpage MS-DOS Microsoft Name bid:1608
Release Date
12/08/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
CVSS Score
5.0