Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Windows : Microsoft Bulletins --> Category: infos

FrontPage fpadmdll.dll Cross-Site Scripting Vulnerabilities Vulnerability Scan

Vulnerability Scan Summary
Checks version of FrontPage's fpadmdll.dll

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a server extension that is affected by
several cross-site scripting flaws.

Description :

The version of Microsoft FrontPage Server Extensions 2002 / SharePoint
Team Services on the remote host fails to sanitize user-supplied input
to the 'operation', 'command', and 'name' parameters of
'/_vti_bin/_vti_adm/fpadmdll.dll' before using it to generate dynamic
HTML. A possible hacker may be able to exploit this issue to cause
arbitrary HTML and script code to be executed by a user's browser in
the context of the affected web site. If the user is an
administrator, successful exploitation will give the attacker complete
control over the affected application.

Solution :

Microsoft has released a set of patches for Frontapage 2002 for XP and
2003 :

Threat Level:

High / CVSS Base Score : 7.0

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.