Release DateJan 05, 2012 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt against an Arbitrary File Uploading vulnerability in Microsoft Frontpage Server Extentisons.The vulnerability is caused by the "put document" function. By sending a specially crafted HTTP POST request to the "put document" method involved in author.dll, a remote attacker could upload file on a vulnerable system. |
Affected ProductsIIS 5.x with Frontpage Server Extentions |
Recommended ActionsCurrently we are not aware of any vendor supplied patch for this issue. |
Coverage IPS
VCM |
Reference/shttp://msdn.microsoft.com/en-us/library/dd587467(v=office.11).aspxhttp://msdn.microsoft.com/en-us/library/ms443099.aspx http://msdn.microsoft.com/en-us/library/dd586281(v=office.11).aspx |
