Microsoft VisualInterDev 6.0 - IIS4- Management With No Authentication Vulnerability

Microsoft VisualInterDev 6.0 - IIS4- Management With No Authentication Vulnerability

Microsoft Visual InterDev 6.0 client is prone to vulnerability that permits attackers to gain unauthorized access to the affected application.

Reportedly, a Visual InterDev 6.0 client may be able to connect to an IIS4 Web Server and manage the website without requiring any user auhentication.

This issue may be associated with security permissions applied by FrontPage tools. It is unclear exactly what is allowing this to happen or under what combination of Service Pack / hotfix this may occur.