282 : Microsoft FrontPage dvwssr.dll Backdoor and Overflow
Printer | http://osvdb.org/282 | Email This | Edit Vulnerability

Views This Week

Views All Time

112

Info

Last Modified

about 1 year ago

Percent Complete

70%

Disclosure

Apr 14, 2000

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

The Microsoft FrontPage 'dvwssr.dll' file contains a backdoor password and a flaw that allows anyone with web authoring permissions to change other user's files. It also has a buffer overflow that allows an attacker to run arbitrary commands.

Classification

Attack Type: Input Manipulation

Technical

dvwssr.dll is a server-side component used to support the Link View feature in Visual Interdev 1.0 which contains an unchecked buffer. If overrun with data, it could be used to cause an affected server to crash, or could allow arbitrary code to run on the server in a System context.

Solution

Set the permissions on the /_vti_bin/_vti_aut/ folder as: Administrators: Full Control, System: Full Control.

If you do not need FrontPage Server Extension authoring, delete dvwssr.dll. However, this may damage Interdev functionality.

Products

Microsoft Corporation	FrontPage	98
Microsoft Corporation	InterDev	1.0

References

Bugtraq ID: 1108 1109
CVE ID: 2000-0260 (see also: NVD)
ISS X-Force ID: 4333
Generic Informational URL: http://www.whitehats.com/info/IDS271
Microsoft Security Bulletin: MS00-025

Tools & Filters

Nikto	1195
Nessus	10369
Snort	967

Manual Testing Notes

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Technical

Solution

Products

Microsoft Corporation

FrontPage

InterDev

References

Tools & Filters

Manual Testing Notes

Credit

Blogs

Comments