The SmartHTML Interpreter (shtml.dll) is part of the FrontPage Server Extensions (FPSE), and provides support for web forms and other FrontPage-based dynamic content. The interpreter contains a flaw that could be exposed when processing a request for a particular type of web file, if the request had certain specific characteristics. This flaw affects the two versions of FrontPage Server Extensions differently. On FrontPage Server Extensions 2000, such a request would cause the interpreter to consume most or all CPU availability until the web service was restarted. An attacker could use this vulnerability to conduct a denial of service attack against an affected web server. On FrontPage Server Extensions 2002, the same type of request could cause a buffer overrun, potentially allowing an attacker to run code of his choice.
Title: Buffer Overrun in SmartHTML Interpreter Could Allow Code Execution (Q324096)
Released: 25 September 2002
Software: FrontPage Server Extensions 2000 and 2002
Impact: Denial of service or privilege elevation
Max Risk: Critical
Bulletin: MS02-053
This has also been mentioned by xStainDx here
View: Microsoft TechNet - Security Bulletin ID MS02-053 for more information and patch availability