Remote Path Disclosure in Microsoft FrontPage Server Extensions 1.1
CVE-2000-0710

Currently unrated

Key Information:

Vendor: Microsoft
Status: Frontpage
Vendor: CVE Published:; 20 October 2000

Summary

The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 contains a vulnerability that permits remote attackers to reveal the physical file path of the server components. This exposure occurs when an invalid URL is requested that incorporates a standard DOS device name, rendering the server's internal structure visible. By exploiting this weak point, attackers can obtain sensitive information that may aid in further attacks or exploitation of system resources.

References

http://msdn.microsoft.com/workshop/languages/fp/2000/sr12...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/1608

vdb-entryx_refsource_BID

http://archives.neohapsis.com/archives/bugtraq/2000-08/02...

mailing-listx_refsource_BUGTRAQ

EPSS Score

54% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 20, 2000
Vulnerability Reserved
Sep 19, 2000