Remote File Access Vulnerability in Microsoft FrontPage by CERN Image Map Dispatcher
CVE-2007-3109

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office; Frontpage
Vendor: CVE Published:; 7 June 2007

Summary

A vulnerability exists in Microsoft FrontPage's CERN Image Map Dispatcher (htimage.exe) that could allow remote attackers to gain information about the existence and potentially the contents of arbitrary files located within the web root directory. This is accomplished through the manipulation of the 'PATH_INFO' variable, which could be exploited to execute a relative pathname, thus revealing sensitive file data that should remain protected.

References

http://www.securityfocus.com/archive/1/470458/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://osvdb.org/42058

vdb-entryx_refsource_OSVDB

http://securityreason.com/securityalert/2784

third-party-advisoryx_refsource_SREASON

EPSS Score

19% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 7, 2007
Vulnerability Reserved
Jun 7, 2007