Intrusion Prevention

MS.FrontPage.Server.Extensions.MS-DOS.Device.Name.DoS

Description

This indicates an attack attempt against a denial-of-service vulnerability in the shtml.exe component of Microsoft FrontPage.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted URL whose name includes a standard DOS device name. It allows a remote attacker to cause a denial of service.

Affected Products

Microsoft FrontPage 2000 Server Extensions SR 1.1

Impact

Denial of service

Recommended Actions

Upgrade to FrontPage Server Extensions Service Release 1.2.

CVE References

CVE-2000-0709 CVE-2000-0710