VULHUB ™

The FrontPage Server Extensions 2002 (included in Windows Sever 2003 IIS 6.0 and available as a separate download for Windows 2000 and XP) has a web page /_vti_bin/_vti_adm/fpadmdll.dll that is used for administrative purposes. This web page is vulnerable to cross site scripting attacks allowing an attacker to run client-side script on behalf of an FPSE user. If the victim is an administrator, the attacker could take complete control of a Front Page Server Extensions 2002 server.

The FrontPage Server Extensions 2002 (included in Windows Sever 2003 IIS 6.0 and available as a separate download for Windows 2000 and XP) has a web page /_vti_bin/_vti_adm/fpadmdll.dll that is used for administrative purposes. This web page is vulnerable to cross site scripting attacks allowing an attacker to run client-side script on behalf of an FPSE user. If the victim is an administrator, the attacker could take complete control of a Front Page Server Extensions 2002 server.