Vulnerabilities and exploits


Guest

I was wondering what, if any, vulnerabilities and exploits are present within
Microsoft Frontpage 2003?
 
FP writes HTML.

As far as I know, there are no vulnerabilities or exploits possible in HTML.
 
This is not so much a vulnerability within FrontPage or the
HTML it writes, but a vulnerability in a process that MAY be
used by FP. There is no real need to worry about system
failures due to your use of FP or the pages that it writes,
as what causes this is deeper in the system.


:> From: =?Utf-8?B?VVNDQ2NvbnRy?= <[email protected]>
:
: > I was wondering what, if any, vulnerabilities and exploits are present within
: > Microsoft Frontpage 2003?
:
: One example is explained at
: <URL:http://www.microsoft.com/technet/security/bulletin/MS05-012.mspx>.
: New vulnerabilities are likely to be found, so keeping an eye on security
: news - also beyond Microsoft's Ministry of Truth releases - would certainly
: be a good idea.
:
: Thor
:
: --
: http://www.anta.net/OH2GDF
 
Hi,
Yes, there were/are vulnerabilities in MS Frontpage - according to the US
National Vulnerability database the current total is 29, most of which would
be removed if you keep your server and frontpage application patched up to
date. They cover denial of service, viewing FP server extensions, shtml.dll,
directory traversal, buffer overflows etc.

The one we see most commonly on scans is authors.pwd being accessible
to an anonymous internet user - it is then a simple step to de-hash the
password to get your account details.

In addition it is also worth checking IIS on your hosting server as this
also can have multiple vulnerabilities that would allow someone to compromise
your site.

To view the list there is a search engine at:

www.iwsec.co.uk/links.htm
or
nvd.nist.gov

which links into the National Database - check for Frontpage and IIS.

In addition securityfocus have a very useful search at:

www.securityfocus.com/vulnerabilities

In addition to these there could also be other vulnerabilities on Frontpage
websites e.g. any that use database connections could be vulnerable to SQL
injection, any that use poor password complexity could be vulnerable to
dictionary and brute force attacks etc. You can find more details out about
these at www.iwsec.co.uk/frontpage.htm

Cheers
iwsec
www.iwsec.co.uk
 
> Yes, there were/are vulnerabilities in MS Frontpage - according to the US
> National Vulnerability database the current total is 29, most of which would
> be removed if you keep your server and frontpage application patched up to
> date. They cover denial of service, viewing FP server extensions, shtml.dll,
> directory traversal, buffer overflows etc.

This statement is misleading at best.

First, the US National Vulnerability Database lists all -candidates- for
vulnerabilities, which means that anyone who has submitted a report of a
possible vulnerability is listed as a candidate, meaning that their
assertion has not been checked.

Second, the US National Vulnerability Database is a list for the CVE (Common
Vulnerabilities and Exposures) list, located at http://cve.mitre.org/. When
searching this list for "FrontPage," indeed, 29 entries come up. However,
only 7 of them are accepted entries; the other 22 are candidates.

A check of the most recent candidate reveals a cheap hosting company that
cannot even demonstrate the so-called "vulnerability" they have claimed. The
claim for this is that FrontPage crashes when certain types of CSS tags are
in a page that is opened for editing in FrontPage. This is referred to as a
"Denial of Service attack" for some reason. I don't know what version they
tested it with, but I went to the test page
(http://www.freewebs.com/xxosfilexx/HungFPage.html), and tried it using
FrontPage 2003, with no effect.

Of the seven confirmed vulnerabilities listed, the latest of these is from
2002. In addition, several of them are descriptions of the same
vulnerabilities. Microsoft works with the CVE and the US National
Vulnerability database, one of their most helpful sources of vulnerability
information, and are linked to in the pages that list vulnerabilities in
Microsoft products. There are 2 Microsoft products that relate to the 7
vulnerabilities listed (you can search microsoft.com using the CVE name to
find related Microsoft Security Bulletins, e.g. "CVE-2002-0072"). The
products are FrontPage Server Extensions 2000 and FrontPage Server
Extensions 2002.

There are 3 Security Bulletins on the Microsoft web site for FrontPage 2000
Server Extensions, the latest of which is from 2 years ago:

http://www.microsoft.com/technet/security/Bulletin/MS03-051.mspx
http://www.microsoft.com/technet/security/Bulletin/MS02-053.mspx
http://www.microsoft.com/technet/security/Bulletin/MS01-035.mspx

There are 2 Security Bulletins on the Microsoft web site from FrontPage
Server Extensions 2002, the latest of which is from 2 years ago:

http://www.microsoft.com/technet/security/Bulletin/MS03-051.mspx
http://www.microsoft.com/technet/security/Bulletin/MS02-053.mspx

Unless you have not installed any Windows updates for the past 2 years, or
your web hosting service has not installed any Microsoft Security patches
for the past 2 years, you are not vulnerable.

Further, a look at the web page referenced by this poster as a source of
"more details about these" (http://www.iwsec.co.uk/frontpage.htm), reveals a
page that provides NO information about these old vulnerabilities, but
instead attempts to sell the services of the web site, which provides
scanning services. In other words, the post quoted below is deceptively
self-serving.

--
HTH,

Kevin Spencer
Microsoft MVP
.Net Developer
I'd rather be a hammer than a nail.
 
Nice analysis, Kevin.

The post reminded me of the bumper sticker that says "Follow those that seek
the truth. Run from those who have found it!"

Here is the markup on that test page -


<html>
<head>
<TITLE>a</TITLE>
<style>#gb{}#gb .tx{float:left}#gb .g{}</style>
</head>
<body dir=rtl>
<div id=gb><span class=g>a<span class=tx>try to edit this page with
Microsoft FrontPage XP - *** Winxp SP2 </span></span></div>
<script type="text/javascript" src="/i.js"></script></body>
</html>

A bit weird to say the least. When I create a new page in FP2003, and paste
this markup in, it crashes FP2003. How is that a vulnerability? Removing
the dir=rtl attribute/value pair from the body tag fixes that.

I don't really get it.
 