• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft FrontPage Server Extensions SmartHTML Buffer Overflow Vulnerability

A vulnerability has been reported in the SmartHTML (shtml) interpreter component of FrontPage Server Extensions. In FrontPage Server Extensions 2000, the vulnerability is only exploitable as a denial of service. It is possible to cause consumption of CPU due to an infinite loop condition. This may adversely affect the server ability to perform other functions. Remote attackers may exploit this vulnerability to execute arbitrary code on target hosts running FrontPage Server Extensions 2002. This is due to it being a buffer overflow condition.