[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Frontpage Publishing DoS

Title: Frontpage Publishing DoS
Released by: eEye
Date: 3rd January 2001
Printable version: Click here
Sorry for the delay in posting this.

Frontpage Publishing DoS (Denial of Service)

Release Date:

Dec 22, 2000

Systems Affected:

Default Installations of Windows NT4 IIS4 SP6or<

Default Installations of Windows 2000 IIS5 SP1or<


Any current NT server running IIS with Frontpage server extensions (which

are installed by default) is vulnerable a remote DoS (Denial of Service).

The vulnerability stems from Frontpage improperly handling queries to

Frontpage Authoring (author.dll) modules as well as shtml calls. It is

possible for a remote attacker to send a malformed query to those modules

which will cause Frontpage to crash which will then in turn bring down

inetinfo.exe on Windows NT 4.0 systems. On Windows 2000 systems the

vulnerability is a bit different. Inetinfo.exe is not killed, it just simply

"freezes". You can still connect to the IIS5 web server but any further

GET/HEAD/etc.. commands will not be procesed. Microsoft's advisory states

that IIS5 will simply restart however we did not experience this in our


The two vulnerable pieces of Frontpage are:



Example Exploit:

Sorry we didn't take the time to wrap these into click and kill exe's.



Easiest if these files are opened in a word wrapped document.

Vendor Status:

Microsoft has released an advisory and patch for this vulnerability:


Note: There have been a few people who have recommended that if you do not

use FrontPage to disable Frontpage Web Authoring. Disabling Web Authoring

does not fix the problem. You must completely remove Frontpage and all of

its files.

Copyright (c) 1998-2000 eEye Digital Security

Permission is hereby granted for the redistribution of this alert

electronically. It is not to be edited in any way without express consent of

eEye. If you wish to reprint the whole or any part of this alert in any

other medium excluding electronic medium, please e-mail alert@eEye.com for



The information within this paper may change without notice. Use of this

information constitutes acceptance for use in an AS IS condition. There are

NO warranties with regard to this information. In no event shall the author

be liable for any damages whatsoever arising out of or in connection with

the use or spread of this information. Any use of this information is at the

user's own risk.


Please send suggestions, updates, and comments to:

eEye Digital Security



(C) 1999-2000 All rights reserved.