Buffer Overrun in SmartHTML Interpreter New

A buffer overrun in the SmartHTML Interpreter of Microsoft FrontPage Server Extensions potentially allows an attacker to run code of their choice or to cause a denial-of-service.

Issue

The SmartHTML Interpreter (shtml.dll) is part of the FrontPage Server Extensions (FPSE) and Microsoft SharePoint Team Services, and provides support for web forms and other FrontPage-based dynamic content. The interpreter contains a flaw that could be exposed when processing a request for a particular type of web file, if the request had certain specific characteristics. This flaw affects the two versions of FrontPage Server Extensions differently. On FrontPage Server Extensions 2000, such a request would cause the interpreter to consume most or all CPU availability until the web service was restarted. An attacker could use this vulnerability to conduct a denial of service attack against an affected web server. On FrontPage Server Extensions 2002 and SharePoint Team Services 2002, the same type of request could cause a buffer overrun, potentially allowing an attacker to run code of his choice.

Affected Products

• Microsoft FrontPage Server Extensions 2000
• Microsoft FrontPage Server Extensions 2002
• Microsoft Windows 2000 (shipped FPSE 2000)
• Microsoft Windows XP (shipped FPSE 2000)
• Microsoft SharePoint Team Services 2002

Download

Software patches are available from the following locations:

• Microsoft FrontPage Server Extensions 2000
• Microsoft FrontPage Server Extensions 2002
• Microsoft Windows 2000 (shipped FPSE 2000)
• Microsoft Windows XP (shipped FPSE 2000)
• Microsoft SharePoint Team Services 2002

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: September 26, 2002

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<