ID CVE-2003-0822
Summary Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:frontpage_server_extensions:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:frontpage_server_extensions:2000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:frontpage_server_extensions:2002:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:frontpage_server_extensions:2002:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:sharepoint_team_services:2002:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:sharepoint_team_services:2002:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
CVSS
Base: 7.5 (as of 30-04-2019 - 14:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2011-05-16T04:02:50.513-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
    family windows
    id oval:org.mitre.oval:def:364
    status accepted
    submitted 2003-12-09T12:00:00.000-04:00
    title MS FrontPage Server Extensions Chunked Encoded Request Buffer Overflow (Test 1)
    version 13
  • accepted 2011-05-16T04:02:50.905-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    definition_extensions
    comment Microsoft Windows NT is installed
    oval oval:org.mitre.oval:def:36
    description Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
    family windows
    id oval:org.mitre.oval:def:366
    status accepted
    submitted 2003-12-09T12:00:00.000-04:00
    title MS FrontPage Server Extensions Chunked Encoded Request Buffer Overflow (Test 2)
    version 26
  • accepted 2011-05-16T04:02:51.402-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
    family windows
    id oval:org.mitre.oval:def:367
    status accepted
    submitted 2003-12-09T12:00:00.000-04:00
    title MS FrontPage Server Extensions Chunked Encoded Request Buffer Overflow (Test 3)
    version 13
  • accepted 2008-03-24T04:00:50.398-04:00
    class vulnerability
    contributors
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    definition_extensions
    comment Microsoft Windows NT is installed
    oval oval:org.mitre.oval:def:36
    description Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
    family windows
    id oval:org.mitre.oval:def:699
    status accepted
    submitted 2003-03-04T12:00:00.000-04:00
    title MS FrontPage Server Extensions Chunked Encoded Request Buffer Overflow (Test 4)
    version 21
  • accepted 2011-05-16T04:03:25.346-04:00
    class vulnerability
    contributors
    • name Tiffany Bergeron
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Anna Min
      organization BigFix, Inc
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
    family windows
    id oval:org.mitre.oval:def:743
    status accepted
    submitted 2003-03-04T12:00:00.000-04:00
    title MS FrontPage Server Extensions Chunked Encoded Request Buffer Overflow (Test 5)
    version 12
refmap via4
bugtraq 20031112 Frontpage Extensions Remote Command Execution
cert-vn VU#279156
ms MS03-051
ntbugtraq 20031112 Frontpage Extensions Remote Command Execution
secunia 10195
xf fpse-debug-bo(13674)
saint via4
bid 9007
description FrontPage fp30reg.dll remote debug buffer overflow
id web_cms_fp_remotedebug
osvdb 2952
title frontpage_remote_debug
type remote
Last major update 30-04-2019 - 14:27
Published 15-12-2003 - 05:00
Back to Top