Rapid7 Vulnerability & Exploit Database

Microsoft FrontPage Server Extensions MS-DOS Device Name DoS Vulnerability

Back to Search

Microsoft FrontPage Server Extensions MS-DOS Device Name DoS Vulnerability

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
10/20/2000
Created
07/25/2018
Added
11/01/2004
Modified
07/31/2012

Description

It is possible to remotely crash a system running Microsoft FrontPage Server Extensions by conducting a URL request for a MS-DOS device through shtml.exe. For example, the following URL requests will crash FrontPage Server Extensions:

  • http://target/_vti_bin/shtml.exe/comX.htm (X being one of 1, 2 ,3, or 4; the device must exist on the target machine)
  • http://target/_vti_bin/shtml.exe/prn.htm
  • http://target/_vti_bin/shtml.exe/aux.htm

The device name must have an appended extension in order for the exploit to work. In addition to the HTM extension, ASP will work as well. Restarting IIS or rebooting the system is required in order to regain normal functionality. Testing has shown that it may require a constant stream of these requests in order to render the server ineffective.

Solution(s)

  • http-iis-0038

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;