A remote overflow exists in Microsoft Frontpage Server Extensions (FPSE). The fp30reg.dll library fails to handle crafted chunked encoded data resulting in a boundary overflow. With a specially crafted request, an attacker can potentially execute arbitrary code with the same privileges as the web server.

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

• Secunia Advisory ID: 10195
• Milw0rm: 121
• Exploit Database: 121
• ISS X-Force ID: 13674
• CVE ID: 2003-0822 (see also: NVD)
• CERT VU: 279156
• Related OSVDB ID: 2800
• Metasploit ID: 2952
• SCIP VulDB ID: 386
• Microsoft Knowledge Base Article: 810217
• Bugtraq ID: 9007
• Generic Exploit URL: http://immunitysec.com
  http://packetstormsecurity.org/0311-exploits/fp30reg.c
  http://www.saintcorporation.com/cgi-bin/exploit_info/frontpage_remote_debug
• Microsoft Security Bulletin: MS03-051
• CIAC Advisory: o-024

• Brett Moore - brett.mooresecurity-assessment.com - Security Assessment