Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
BID:12141
Info
Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
| Bugtraq ID: | 12141 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 31 2004 12:00AM |
| Updated: | Dec 31 2004 12:00AM |
| Credit: | CorryL <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: |
Microsoft FrontPage 2000 |
| Not Vulnerable: | |
Discussion
Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
A file upload vulnerability allegedly affects the DATA Access Internet Publishing Service Provider Distributed Versioning and Authoring (DAV) functionality of Microsoft FrontPage 2000.
An attacker may leverage this issue to upload arbitrary files to the affected computer. This will allow the execution of server-based script code, and will facilitate a compromise of the affected server. Depending on the purpose on the server, an attacker could also exploit the issue to place malicious or abuse content on the server.
It should be noted that the individual reporting this issue may have discovered it while auditing a poorly configured implementation of the affected software; if this were the case this issue may not be a vulnerability. This BID will be updated immediately upon the release of new information.
A file upload vulnerability allegedly affects the DATA Access Internet Publishing Service Provider Distributed Versioning and Authoring (DAV) functionality of Microsoft FrontPage 2000.
An attacker may leverage this issue to upload arbitrary files to the affected computer. This will allow the execution of server-based script code, and will facilitate a compromise of the affected server. Depending on the purpose on the server, an attacker could also exploit the issue to place malicious or abuse content on the server.
It should be noted that the individual reporting this issue may have discovered it while auditing a poorly configured implementation of the affected software; if this were the case this issue may not be a vulnerability. This BID will be updated immediately upon the release of new information.
Exploit / POC
Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
The following proof of concept has been provided:
The following proof of concept has been provided:
Solution / Fix
Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
References:
References:
- FrontPage Product Page (Microsoft)