Microsoft Frontpage is reported prone to multiple remote denial of service vulnerabilities when handling malformed JPEG files. These issues exist due to insufficient verification performed by the 'asycpict.dll' module. Reportedly, these issues can only cause a denial of service condition, however, it may be possible to execute arbitrary code on a vulnerable computer as well. This has not been confirmed at the moment. It should be noted that in an initial advisory these vulnerabilities were reported to affect the 'asycpict.dll' library. In the report it is mentioned that this library is shipped with all versions of Microsoft Windows XP, however, conflicting reports indicate that this is not accurate. These conflicting reports indicate that this library is in fact shipped with Microsoft Front Page 97 and 98. Additionally, one of these reports indicated that the library was also shipped with Microsoft Internet Explorer version 3.01. This is not confirmed. Due to a lack of details,...
Microsoft Frontpage is reported prone to multiple remote denial of service vulnerabilities when handling malformed JPEG files. These issues exist due to insufficient verification performed by the 'asycpict.dll' module. Reportedly, these issues can only cause a denial of service condition, however, it may be possible to execute arbitrary code on a vulnerable computer as well. This has not been confirmed at the moment. It should be noted that in an initial advisory these vulnerabilities were reported to affect the 'asycpict.dll' library. In the report it is mentioned that this library is shipped with all versions of Microsoft Windows XP, however, conflicting reports indicate that this is not accurate. These conflicting reports indicate that this library is in fact shipped with Microsoft Front Page 97 and 98. Additionally, one of these reports indicated that the library was also shipped with Microsoft Internet Explorer version 3.01. This is not confirmed. Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.
