This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
Esteban Martinez Fayo reports :
The FrontPage Server Extensions 2002 (included in Windows Sever 2003
IIS 6.0 and available as a separate download for Windows 2000 and XP)
has a web page /_vti_bin/_vti_adm/fpadmdll.dll that is used for
administrative purposes. This web page is vulnerable to cross site
scripting attacks allowing an attacker to run client-side script on
behalf of an FPSE user. If the victim is an administrator, the
attacker could take complete control of a Front Page Server Extensions
To exploit the vulnerability an attacker can send a specially crafted
e-mail message to a FPSE user and then persuade the user to click a
link in the e-mail message.
In addition, this vulnerability can be exploited if an attacker hosts
a malicious website and persuade the user to visit it.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.8