VULHUB ™

A flaw in internal object interaction allows malicious users to bring down Internet Information Server 4.0, 5.0 and 5.1 with FP2002. Frontpage contains URL parsers for dynamic components (shtml.exe/dll). If a malicious user issues a request for /_vti_bin/shtml.exe where the URL for the dynamic contents is replaced with a long URL, the submodule will filter out the URL, and return a null value to the web service URL parser, crashing IIS. Microsoft advisory on this vulnerability here.

A flaw in internal object interaction allows malicious users to bring down Internet Information Server 4.0, 5.0 and 5.1 with FP2002. Frontpage contains URL parsers for dynamic components (shtml.exe/dll). If a malicious user issues a request for /_vti_bin/shtml.exe where the URL for the dynamic contents is replaced with a long URL, the submodule will filter out the URL, and return a null value to the web service URL parser, crashing IIS. Microsoft advisory on this vulnerability here.