Microsoft FrontPage Server Extensions SmartHTML Interpreter Denial Of Service Vulnerability

2003-11-11T00:00:00
ID SMNTC-9008
Type symantec
Reporter Symantec Security Response
Modified 2003-11-11T00:00:00

Description

A denial of service vulnerability has been reported in the SmartHTML interpreter component of FrontPage Server Extensions that may be exploited by remote attackers. This issue could be exploited to deny availability of CPU resources on the system, potentially causing a denial of service condition.

Technologies Affected

  • Microsoft FrontPage Server Extensions 2000
  • Microsoft FrontPage Server Extensions 2002
  • Microsoft SharePoint Team Services 2002
  • Microsoft Windows 2000 Advanced Server SP2
  • Microsoft Windows 2000 Advanced Server SP3
  • Microsoft Windows 2000 Datacenter Server SP2
  • Microsoft Windows 2000 Datacenter Server SP3
  • Microsoft Windows 2000 Professional SP2
  • Microsoft Windows 2000 Professional SP3
  • Microsoft Windows 2000 Server SP2
  • Microsoft Windows 2000 Server SP3
  • Microsoft Windows XP 64-bit Edition SP1
  • Microsoft Windows XP Home SP1
  • Microsoft Windows XP Professional SP1

Recommendations

Block external access at the network boundary, unless external parties require service.
If the server is not intended to be accessed by external systems, use network access controls to restrict access to internal or trusted networks and hosts only. This will reduce exposure to this and other vulnerabilities.

Disable any services that are not needed.
Disable FrontPage Server Extensions or the SmartHTML interpreter if they are not explicitly required. This will eliminate exposure to latent vulnerabilities in the service.

Microsoft has released updates to address this issue. It should be noted that the fix entitled "Security Update for Microsoft FrontPage Server Extensions 2000" is not yet available for download at the time of writing.