Microsoft FrontPage Server Extensions (fp30reg.dll) Debug Overflow

2003-11-11T00:00:00
ID OSVDB:2952
Type osvdb
Reporter Brett Moore(brett.moore@security-assessment.com)
Modified 2003-11-11T00:00:00

Description

Vulnerability Description

A remote overflow exists in Microsoft Frontpage Server Extensions (FPSE). The fp30reg.dll library fails to handle crafted chunked encoded data resulting in a boundary overflow. With a specially crafted request, an attacker can potentially execute arbitrary code with the same privileges as the web server.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

A remote overflow exists in Microsoft Frontpage Server Extensions (FPSE). The fp30reg.dll library fails to handle crafted chunked encoded data resulting in a boundary overflow. With a specially crafted request, an attacker can potentially execute arbitrary code with the same privileges as the web server.

References:

Secunia Advisory ID:10195 Related OSVDB ID: 2800 Microsoft Security Bulletin: MS03-051 ISS X-Force ID: 13674 Generic Exploit URL: http://packetstormsecurity.org/0311-exploits/fp30reg.c CVE-2003-0822 CIAC Advisory: o-024 CERT VU: 279156 Bugtraq ID: 9007