Microsoft FrontPage Server Extensions htimage.exe File Existence Enumeration

2000-04-18T00:00:00
ID OSVDB:3386
Type osvdb
Reporter OSVDB
Modified 2000-04-18T00:00:00

Description

Vulnerability Description

Microsoft Personal Web Servers contain a flaw that allows a remote attacker to verify the existence of a file. The issue is due to htimage.exe not sanitizing its arguments, allowing an arbitrary file to be selected. Based on the error message returned, an attacker can verify whether a file is present or not.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: remove the htimage.exe file from the web server.

Manual Testing Notes

http://server/cgi-bin/htimage.exe/_vti_pvt/service.pwd?0,0
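The request shape above is easy to spot in web server access logs. The following detection script is an added example, not part of the OSVDB record; it assumes Common Log Format lines and flags any htimage.exe request whose path-info does not point at an image map (or that reaches into a _vti_ directory), since htimage.exe legitimately opens only .map files. The sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [18/Apr/2000:10:12:01 +0000] "GET /images/map.gif HTTP/1.0" 200 2048
10.0.0.7 - - [18/Apr/2000:10:12:09 +0000] "GET /cgi-bin/htimage.exe/_vti_pvt/service.pwd?0,0 HTTP/1.0" 500 312
10.0.0.7 - - [18/Apr/2000:10:12:15 +0000] "GET /cgi-bin/htimage.exe/_vti_pvt/nosuch.txt?0,0 HTTP/1.0" 404 280
10.0.0.9 - - [18/Apr/2000:10:12:30 +0000] "GET /cgi-bin/htimage.exe/maps/site.map?12,40 HTTP/1.0" 302 0
"""

# Minimal CLF parser: client IP, timestamp, method, request target, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
# The path-info appended after htimage.exe is the file the CGI is asked to open.
HTIMAGE_RE = re.compile(r'/htimage\.exe(?P<pathinfo>/[^?]*)?', re.IGNORECASE)


def classify(line):
    """Return a finding dict for a suspicious htimage.exe request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    h = HTIMAGE_RE.search(unquote(m['target']))
    if not h or not h['pathinfo']:
        return None
    target = h['pathinfo']
    low = target.lower()
    # Legitimate use opens a .map file; anything else is a file-existence probe.
    if low.endswith('.map') and '/_vti_' not in low:
        return None
    return {'ip': m['ip'], 'ts': m['ts'], 'target': target, 'status': int(m['status'])}


def scan_log(text):
    """Scan a log body and return the list of suspicious htimage.exe requests."""
    return [f for f in (classify(l) for l in text.splitlines()) if f]


def probes_per_ip(findings):
    """Count findings per client IP, which highlights enumeration runs."""
    counts = {}
    for f in findings:
        counts[f['ip']] = counts.get(f['ip'], 0) + 1
    return counts


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} probed {f['target']} -> {f['status']}")
    print(probes_per_ip(scan_log(SAMPLE_LOG)))
```

Differing status codes for present versus absent files (500 and 404 in the constructed sample) are the signal the advisory describes; once htimage.exe is removed, every such request should return the same 404.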

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-04/0116.html
ISS X-Force ID: 7795
Bugtraq ID: 1141