It is possible to remotely crash a system running Microsoft FrontPage Server Extensions by conducting a URL request for a MS-DOS device through shtml.exe. For example, the following URL requests will crash FrontPage Server Extensions:
- http://target/_vti_bin/shtml.exe/comX.htm (X being one of 1, 2 ,3, or 4; the
device must exist on the target machine)
The device name must have an appended extension in order for the exploit to work.
In addition to the HTM extension, ASP will work as well. Restarting IIS or rebooting the
system is required in order to regain normal functionality. Testing has shown that it may
require a constant stream of these requests in order to render the server ineffective.