MS Frontpage Server Extensions...CVE-2003-0822,CVE-2003-0824CNVD-2003-3292CNNVD-200312-061,CNNVD-200312-053
-AVACAUCIA
发布:2025-04-13
修订:2025-04-13
<p><strong>漏洞描述:</strong></p><p>Microsoft FrontPage服务器扩展是Microsoft公司开发的用于加强IIS Web服务器的功能的软件包。Microsoft FrontPage Server Extensions存在两个新的安全漏洞,可导致远程攻击者可以利用这个漏洞进行缓冲区溢出攻击,可能以FrontPage进程权限在系统上执行任意指令。 第一个漏洞是由于FrontPage服务扩展的远程调试功能上存在缓冲区溢出,这个功能用于用户远程连接FrontPage服务扩展的服务器和远程调试内容使用,如Visual Interdev。攻击者成功利用这个漏洞可以以本地SYSTEM权限在系统上执行任意指令,然后在系统上执行任意操作,如安装程序,查看更改或删除数据,建立拥有全部权限的帐户等。 第二个漏洞存在与SmartHTML解析器中,提供对WEB表单和其他基于FrontPage动态内容的支持,攻击者利用这个漏洞可以使运行FrontPage服务扩展的服务器临时停止对正常请求的响应。</p><p><strong>漏洞影响:</strong></p><p>受影响的系统:</p><p> •Microsoft Windows 2000 Service Pack 2, Service Pack 3</p><p>•Microsoft Windows XP, Microsoft Windows XP Service Pack 1</p><p>•Microsoft Windows XP 64-Bit Edition, Microsoft Windows XP 64-Bit Edition Service Pack 1</p><p>•Microsoft Office XP, Microsoft Office XP Service Pack 1, Service Pack 2</p><p>•Microsoft Office 2000 Server Extensions</p><p>不受影响的系统: </p><p>•Microsoft Windows Millennium Edition </p><p>•Microsoft Windows NT Workstation 4.0, Service Pack 6a...
<p><strong>漏洞描述:</strong></p><p>Microsoft FrontPage服务器扩展是Microsoft公司开发的用于加强IIS Web服务器的功能的软件包。Microsoft FrontPage Server Extensions存在两个新的安全漏洞,可导致远程攻击者可以利用这个漏洞进行缓冲区溢出攻击,可能以FrontPage进程权限在系统上执行任意指令。 第一个漏洞是由于FrontPage服务扩展的远程调试功能上存在缓冲区溢出,这个功能用于用户远程连接FrontPage服务扩展的服务器和远程调试内容使用,如Visual Interdev。攻击者成功利用这个漏洞可以以本地SYSTEM权限在系统上执行任意指令,然后在系统上执行任意操作,如安装程序,查看更改或删除数据,建立拥有全部权限的帐户等。 第二个漏洞存在与SmartHTML解析器中,提供对WEB表单和其他基于FrontPage动态内容的支持,攻击者利用这个漏洞可以使运行FrontPage服务扩展的服务器临时停止对正常请求的响应。</p><p><strong>漏洞影响:</strong></p><p>受影响的系统:</p><p> •Microsoft Windows 2000 Service Pack 2, Service Pack 3</p><p>•Microsoft Windows XP, Microsoft Windows XP Service Pack 1</p><p>•Microsoft Windows XP 64-Bit Edition, Microsoft Windows XP 64-Bit Edition Service Pack 1</p><p>•Microsoft Office XP, Microsoft Office XP Service Pack 1, Service Pack 2</p><p>•Microsoft Office 2000 Server Extensions</p><p>不受影响的系统: </p><p>•Microsoft Windows Millennium Edition </p><p>•Microsoft Windows NT Workstation 4.0, Service Pack 6a </p><p>•Microsoft Windows NT Server 4.0, Service Pack 6a </p><p>•Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6 </p><p>•Microsoft Windows 2000 Service Pack 4 </p><p>•Microsoft Windows XP 64-Bit Edition Version 2003 </p><p>•Microsoft Windows Server 2003 (Windows SharePoint Services) </p><p>•Microsoft Windows Server 2003 64-Bit Edition (Windows SharePoint Services)</p><p>•Microsoft Office System 2003 </p><p>Affected Components: </p><p>•Microsoft FrontPage Server Extensions 2000 (For Windows NT4) and Microsoft Office 2000 Server Extensions (Shipped with Office 2000)</p><p>•Microsoft FrontPage Server Extensions 2000 (Shipped with Windows 2000)</p><p>•Microsoft FrontPage Server Extensions 2000 (Shipped with Windows XP) </p><p>•Microsoft FrontPage Server Extensions 2000 64-bit (Shipped with Windows XP 64-bit)</p><p>•Microsoft FrontPage Server Extensions 2002 </p><p>•Microsoft SharePoint Team Services 2002 (Shipped with Office XP)</p><p><strong>CVE-ID:CVE-2003-0822,CVE-2003-0824 </strong></p><p><strong>CNNVD-ID:CNNVD-200312-061,CNNVD-200312-053</strong></p><p><strong>CNVD-ID:CNVD-2003-3292</strong> </p><p><strong></strong> </p><p><strong>解决方案:</strong></p><p>Microsoft </p><p>--------- </p><p>Microsoft已经为此发布了一个安全公告(MS03-051)以及相应补丁:</p><p>MS03-051:Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)链接:<a href="http://www.microsoft.com/technet/security/bulletin/MS03-051.asp">http://www.microsoft.com/technet/security/bulletin/MS03-051.asp</a></p><p>补丁下载:Microsoft FrontPage Server Extensions 2000 <a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=C84C3D10-A821-4819-BF58-D3BC70A77BFA&displaylang=en">http://www.microsoft.com/downloads/details.aspx?FamilyId=C84C3D10-A821-4819-BF58-D3BC70A77BFA&displaylang=en</a> </p><p>Microsoft FrontPage Server Extensions 2000 (Shipped with Windows 2000) <a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=057D5F0E-0E2B-47D2-9F0F-3B15DD8622A2&displaylang=en">http://www.microsoft.com/downloads/details.aspx?FamilyId=057D5F0E-0E2B-47D2-9F0F-3B15DD8622A2&displaylang=en</a> </p><p>Microsoft FrontPage Server Extensions 2000 (Shipped with Windows XP) <a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=9B302532-BFAB-489B-82DC-ED1E49A16E1C&displaylang=en">http://www.microsoft.com/downloads/details.aspx?FamilyId=9B302532-BFAB-489B-82DC-ED1E49A16E1C&displaylang=en</a> </p><p>Microsoft FrontPage Server Extensions 2002 <a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=3E8A21D9-708E-4E69-8299-86C49321EE25&displaylang=en">http://www.microsoft.com/downloads/details.aspx?FamilyId=3E8A21D9-708E-4E69-8299-86C49321EE25&displaylang=en</a> </p><p>Microsoft SharePoint Team Services 2002 (shipped with Office XP) <a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=5923FC2F-D786-4E32-8F15-36A1C9E0A340&displaylang=en">http://www.microsoft.com/downloads/details.aspx?FamilyId=5923FC2F-D786-4E32-8F15-36A1C9E0A340&displaylang=en</a></p>
