MS02-053:Buffer Overrun in SmartHTML Interpreter Could Allow Code Exec


Recommended Posts

-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------

Title: Buffer Overrun in SmartHTML Interpreter Could Allow

Code Execution (Q324096)

Released: 25 September 2002

Software: FrontPage Server Extensions 2000 and 2002

Impact: Denial of service or privilege elevation

Max Risk: Critical

Bulletin: MS02-053

Microsoft encourages customers to review the Security Bulletin at:

http://www.microsoft.com/technet/security/...in/MS02-053.asp.

- ----------------------------------------------------------------------

Issue:

======

The SmartHTML Interpreter (shtml.dll) is part of the FrontPage

Server Extensions (FPSE), and provides support for web forms and

other FrontPage-based dynamic content. The interpreter contains a

flaw that could be exposed when processing a request for a particular

type of web file, if the request had certain specific character-

istics. This flaw affects the two versions of FrontPage Server

Extensions differently. On FrontPage Server Extensions 2000, such

a request would cause the interpreter to consume most or all CPU

availability until the web service was restarted. An attacker could

use this vulnerability to conduct a denial of service attack against

an affected web server. On FrontPage Server Extensions 2002, the

same type of request could cause a buffer overrun, potentially

allowing an attacker to run code of his choice.

Mitigating Factors:

====================

- - The IIS Lockdown Tool, if used to configure a static web server,

disables the SmartHTML Interpreter. Servers on which this has

been done could not be affected by the vulnerability.

- - FrontPage Server Extensions install on IIS 4.0, 5.0 and 5.1 by

default, but can be uninstalled if desired. Servers on which

this has been done could not be affected by the vulnerability.

Risk Rating:

============

- Internet systems: Critical

- Intranet systems: Moderate

- Client systems: None

Patch Availability:

===================

- A patch is available to fix this vulnerability. Please read the

Security Bulletin at

http://www.microsoft.com/technet/security/...in/ms02-053.asp

for information on obtaining this patch.

Acknowledgment:

===============

Microsoft thanks Maninder Bharadwaj (digital.defense@digital.com)

of Digital GlobalSoft Ltd. for reporting this issue to us and

working with us to protect customers.

- ---------------------------------------------------------------------

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.