Overview
Microsoft Frontpage Server Remote Application Deployment (RAD) component contains an unchecked buffer which can allow an intruder to execute arbitrary code with the privileges of IUSR_machinename or system.
Description
A buffer overflow in the Microsoft Frontpage Server Remote Application Deployment (RAD) component can allow an intruder to execute arbitrary code with the privileges of IUSR_machinename. Under certain circumstances, it is possible for the intruder to execute arbitrary code with the privileges of system. More information on this problem is available from Microsoft at: |
Impact
An attacker can execute code with the privileges of IUSR_machinename and under certain circumstances with the privileges of system. |
Solution
Contact vendor for patches. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Our thanks to Microsoft for the information contained in their bulletin.
This document was written by Ian A. Finlay and is based on information obtained from a Microsoft Security Advisory.
Other Information
| CVE IDs: | CVE-2001-0341 |
| Severity Metric: | 33.79 |
| Date Public: | 2001-06-21 |
| Date First Published: | 2001-06-28 |
| Date Last Updated: | 2001-06-28 15:43 UTC |
| Document Revision: | 23 |