Detections
Analytics

Microsoft FrontPage dvwssr.dll Multiple Vulnerabilities

critical Nessus Plugin ID 10369

Synopsis

The remote web server has multiple vulnerabilities.

Description

The version of Microsoft FrontPage running on the remote host has the following vulnerabilities in '/_vti_bin/_vti_aut/dvwssr.dll' :

 - A security bypass vulnerability that allows anyone with web authoring permissions to alter other users' files.

 - A remote buffer overflow vulnerability that could allow a remote attacker to crash the server, or possibly execute arbitrary code.

Solution

Delete all copies of dvwssr.dll from the server. Refer to the Microsoft Security Bulletin for further information.

See Also

http://www.nessus.org/u?3772b65c

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2000/ms00-025

Plugin Details

Severity: Critical

ID: 10369

File Name: frontpage_dvwssr.nasl

Version: 1.59

Type: remote

Family: Web Servers

Published: 4/14/2000

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 4/14/2000

Reference Information

CVE: CVE-2000-0260

BID: 1109

MSFT: MS00-025