Detections
Analytics

Microsoft FrontPage htimage.exe CGI Remote Overflow

high Nessus Plugin ID 10376

Synopsis

A web application on the remote host has a buffer overflow vulnerability.

Description

The htimage.exe CGI is installed on the remote web server. This CGI is vulnerable to a remote buffer overflow attack when it is given the request :

 /cgi-bin/htimage.exe/AAAA[....]AAA?0,0

A remote attacker could use this to crash the web server, or possibly execute arbitrary code.

Solution

Remove this file from the web server.

See Also

https://seclists.org/bugtraq/2000/Apr/105

https://seclists.org/bugtraq/2000/Apr/148

Plugin Details

Severity: High

ID: 10376

File Name: fp_htimage.nasl

Version: 1.46

Type: remote

Family: CGI abuses

Published: 4/19/2000

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.1

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Vulnerability Publication Date: 4/18/2000

Reference Information

CVE: CVE-2000-0256

BID: 1117