Test ID:	1.3.6.1.4.1.25623.1.0.101012
Category:	Windows : Microsoft Bulletins
Title:	Microsoft IIS RCE Vulnerability (MS03-051) - Active Check
Summary:	The MS03-051 bulletin addresses two new security vulnerabilities; in Microsoft FrontPage Server Extensions, the most serious of which could enable an attacker to; run arbitrary code on a user's system.
Description:	Summary: The MS03-051 bulletin addresses two new security vulnerabilities in Microsoft FrontPage Server Extensions, the most serious of which could enable an attacker to run arbitrary code on a user's system. Vulnerability Insight: The first vulnerability exists because of a buffer overrun in the remote debug functionality of FrontPage Server Extensions. This functionality enables users to remotely connect to a server running FrontPage Server Extensions and remotely debug content using, for example, Visual Interdev. An attacker who successfully exploited this vulnerability could be able to run code with IWAM_machinename account privileges on an affected system, or could cause FrontPage Server Extensions to fail. The second vulnerability is a Denial of Service vulnerability that exists in the SmartHTML interpreter. This functionality is made up of a variety of dynamic link library files, and exists to support certain types of dynamic web content. An attacker who successfully exploited this vulnerability could cause a server running Front Page Server Extensions to temporarily stop responding to requests. Solution: Microsoft has released a patch to correct these issues. Please see the references for more information. Note: This update replaces the security updates contained in the following bulletins: MS01-035 and MS02-053. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0822 Bugtraq: 20031112 Frontpage Extensions Remote Command Execution (Google Search) http://marc.info/?l=bugtraq&m=106865318904055&w=2 CERT/CC vulnerability note: VU#279156 http://www.kb.cert.org/vuls/id/279156 Microsoft Security Bulletin: MS03-051 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-051 http://marc.info/?l=ntbugtraq&m=106862654906759&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A364 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A366 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A367 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A699 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A743 http://secunia.com/advisories/10195 XForce ISS Database: fpse-debug-bo(13674) https://exchange.xforce.ibmcloud.com/vulnerabilities/13674 Common Vulnerability Exposure (CVE) ID: CVE-2003-0824 CERT/CC vulnerability note: VU#179012 http://www.kb.cert.org/vuls/id/179012 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A308 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A591 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A606 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A625 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A762 XForce ISS Database: fpse-smarthtml-dos(13680) https://exchange.xforce.ibmcloud.com/vulnerabilities/13680
Copyright	Copyright (C) 2009 Christian Eric Edjenguele

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.