shtml
-----

CVE Number: 
CAN-2000-0114

Details:
The shtml program was found on the system. This can be queried to provide the
anonymous account on Windows NT systems. Also, versions of FrontPage prior
to version 1.2 are vulnerable to a denial of service attack that requires a
complete restart of IIS to get FrontPage running properly again.

Fix:
It is recommended that the file be removed from the system, or not use
FrontPage Server Extensions. Alternately, upgrade to version 1.2 or higher.

Related URLs:
http://www.cerberus-infosec.co.uk/adviisfp.html
http://archives.neohapsis.com/archives/bugtraq/2000-08/0288.html
http://msdn.microsoft.com/workshop/languages/fp/2000/winfpse.asp

$Id: shtml,v 1.1 2000/07/10 18:14:29 loveless Exp $
