Microsoft FrontPage imagemap.exe Overflow

2000-04-18T00:00:00
ID OSVDB:3381
Type osvdb
Reporter OSVDB
Modified 2000-04-18T00:00:00

Description

Vulnerability Description

Microsoft Personal Web Servers contain a flaw that allows a remote attacker to execute arbitrary code on a vulnerable server. The issue is due to a buffer overflow in imagemap.exe. If the mapname portion of the request exceeds 741 characters, the web server will crash, allowing the attacker's code to be executed.

Technical Description

Test for the presence of /cgi-bin/imagemap.exe

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: remove the imagemap.exe program from the web server.
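To check whether a server has already received such requests, the following added example (not part of the original advisory) scans web server access logs for requests to /cgi-bin/imagemap.exe and flags any whose mapname exceeds the 741-character limit given above. It assumes Common Log Format and that the mapname is the extra path after imagemap.exe up to the query string; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Threshold from the advisory: a mapname longer than 741 characters overflows.
MAX_MAPNAME = 741

# Common Log Format: client host first, then the quoted request line.
REQUEST_RE = re.compile(
    r'^(?P<host>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?"')

# Assumption: the mapname is the extra path after imagemap.exe, up to the "?".
# Case-insensitive because Windows paths are.
CGI_RE = re.compile(r'/cgi-bin/imagemap\.exe(?P<mapname>[^?]*)', re.IGNORECASE)


def classify(line):
    """Return (host, mapname_length, verdict) for imagemap.exe requests, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    # Decode percent-escapes so %2E-style encoding cannot hide the CGI name.
    target = unquote(m.group("target"))
    cgi = CGI_RE.search(target)
    if not cgi:
        return None
    # Assumption: the leading "/" separator is not counted as part of the mapname.
    length = len(cgi.group("mapname").lstrip("/"))
    verdict = "overlong" if length > MAX_MAPNAME else "within-limit"
    return m.group("host"), length, verdict


def scan(lines):
    """Classify every log line and keep only the imagemap.exe requests."""
    return [r for r in map(classify, lines) if r is not None]


# Constructed sample log lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Apr/2000:10:00:01 +0000] "GET /index.htm HTTP/1.0" 200 512',
    '192.0.2.11 - - [18/Apr/2000:10:00:05 +0000] "GET /cgi-bin/imagemap.exe/maps/nav.map?10,20 HTTP/1.0" 200 0',
    '192.0.2.12 - - [18/Apr/2000:10:00:09 +0000] "GET /CGI-BIN/ImageMap.exe/' + "A" * 742 + '?0,0 HTTP/1.0" 500 0',
    '192.0.2.13 - - [18/Apr/2000:10:00:12 +0000] "GET /cgi-bin/imagemap%2Eexe/' + "B" * 741 + ' HTTP/1.0" 200 0',
]

if __name__ == "__main__":
    for host, length, verdict in scan(SAMPLE_LOG):
        print(f"{host}\tmapname={length}\t{verdict}")
```

Any hit, including a within-limit one, shows that imagemap.exe is still being requested on a server where the workaround calls for its removal.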

References:

Related OSVDB ID: 3384
Microsoft Security Bulletin: MS00-028
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-04/0116.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-04/0159.html
ISS X-Force ID: 4484
CVE-2000-0256
Bugtraq ID: 1117