5 - CVE-2003-0824

Executive Summary

Informations
Name	CVE-2003-0824	First vendor Publication	2003-12-15
Vendor	Cve	Last vendor Modification	2019-04-30

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0824

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:308

Oval ID:	oval:org.mitre.oval:def:308
Title:	MS FrontPage Server Extensions SmartHTML Denial of Service (Test 1)
Description:	Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0824	Version:	7
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft FrontPage Server Extensions 2000
Definition Synopsis:
Software section Windows 2000 (sp3 or earlier) is installed Windows 2000 is installed AND NOT Win2K/XP/2003 service pack 4 (or later) is installed AND the version of shtml.dll is less than 4.00.02.7523 AND NOT the patch q810217 is installed (Hotfix key) AND Configuration section FrontPage Server Extensions 2000 are enabled (2K, XP) AND SmartHTML interpreter is enabled

Definition Id: oval:org.mitre.oval:def:591

Oval ID:	oval:org.mitre.oval:def:591
Title:	MS FrontPage Server Extensions SmartHTML Denial of Service (Test 2)
Description:	Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0824	Version:	4
Platform(s):	Microsoft Windows NT	Product(s):	Microsoft FrontPage Server Extensions 2000
Definition Synopsis:
Software section Microsoft Windows NT is installed AND the version of shtml.dll is less than 4.00.02.7523 AND Configuration section FrontPage Server Extensions 2000 are enabled (WinNT) AND SmartHTML interpreter is enabled

Definition Id: oval:org.mitre.oval:def:606

Oval ID:	oval:org.mitre.oval:def:606
Title:	MS FrontPage Server Extensions SmartHTML Denial of Service (Test 3)
Description:	Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0824	Version:	8
Platform(s):	Microsoft Windows XP	Product(s):	Microsoft FrontPage Server Extensions 2000
Definition Synopsis:
Software section Windows XP (sp1 or earlier) is installed Windows XP is installed AND NOT Win2K/XP/2003 service pack 2 (or later) is installed AND the version of shtml.dll is less than 4.00.02.7523 AND NOT the patch q810217 is installed (Hotfix key) AND Configuration section FrontPage Server Extensions 2000 are enabled (2K, XP) AND SmartHTML interpreter is enabled

Definition Id: oval:org.mitre.oval:def:625

Oval ID:	oval:org.mitre.oval:def:625
Title:	MS FrontPage Server Extensions SmartHTML Denial of Service (Test 4)
Description:	Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0824	Version:	4
Platform(s):	Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP	Product(s):	Microsoft FrontPage Server Extensions 2002
Definition Synopsis:
Software section Windows NT, 2000, or XP is installed Microsoft Windows NT is installed AND Windows 2000 is installed AND Windows XP is installed AND a vulnerable version of shtml.dll exists (FPSE 2002 or SPTS 2003) AND NOT Win2K/XP/2003 service pack 2 (or later) is installed AND Configuration section FrontPage Server Extensions 2002 are enabled (NT, 2K, XP) AND SmartHTML interpreter is enabled

Definition Id: oval:org.mitre.oval:def:762

Oval ID:	oval:org.mitre.oval:def:762
Title:	MS FrontPage Server Extensions SmartHTML Denial of Service (Test 5)
Description:	Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0824	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):	Microsoft SharePoint Team Services
Definition Synopsis:
Software section Windows 2000, XP, or 2003 is installed Windows 2000 is installed AND Windows XP is installed AND Windows Server 2003 is installed AND a vulnerable version of shtml.dll exists (FPSE 2002 or SPTS 2003) AND NOT Win2K/XP/2003 service pack 2 (or later) is installed AND Configuration section SharePoint Team Services are enabled (2K, XP, 2003) AND SmartHTML interpreter is enabled

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Frontpage Server Extensions cpe:2.3:a:microsoft:frontpage_server_extensions:2002:::::::* cpe:2.3:a:microsoft:frontpage_server_extensions:2000:::::::*	2
Application	Microsoft Sharepoint Team Services cpe:2.3:a:microsoft:sharepoint_team_services:2002:::::::*	1
Os	Microsoft Windows 2000 cpe:2.3:o:microsoft:windows_2000::sp3::::::* cpe:2.3:o:microsoft:windows_2000::sp2::::::*	2
Os	Microsoft Windows Xp cpe:2.3:o:microsoft:windows_xp::gold:professional::::: cpe:2.3:o:microsoft:windows_xp::sp1:home::::: cpe:2.3:o:microsoft:windows_xp::sp1:64-bit:::::	3

ExploitDB Exploits

id	Description
2001-06-21	MS Visual Studio RAD Support Buffer Overflow Vulnerability (metasploit)
2010-07-25	Microsoft IIS ISAPI FrontPage fp30reg.dll Chunked Overflow
2003-11-13	MS Frontpage Server Extensions fp30reg.dll Exploit (MS03-051)

OpenVAS Exploits

Date	Description
2009-03-16	Name : Microsoft MS03-051 security check File : nvt/remote-MS03-051.nasl
2005-11-03	Name : IIS FrontPage DoS II File : nvt/frontpage_overflow.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
2800	Microsoft FrontPage Server Extensions SmartHTML DoS Microsoft FrontPage contains a flaw that may allow a remote denial of service. The issue is triggered when malicious HTTP requests are passed to SmartHTML and will result in consumption of all CPU resources.

Snort® IPS/IDS

Date	Description
2014-01-10	Microsoft Frontpage server extension long host string overflow attempt RuleID : 6411 - Revision : 15 - Type : SERVER-OTHER
2014-01-10	Microsoft Frontpage server extension long host string overflow attempt RuleID : 6410 - Revision : 16 - Type : SERVER-OTHER
2014-01-10	Microsoft Frontpage server extension long host string overflow attempt RuleID : 6409 - Revision : 14 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date	Description
2003-11-12	Name : It is possible to execute code on the remote host through FrontPage. File : frontpage_chunked_overflow.nasl - Type : ACT_ATTACK

Sources (Detail)

Source	Url
CERT-VN	http://www.kb.cert.org/vuls/id/179012
MS	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03...
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECUNIA	http://secunia.com/advisories/10195
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/13680

Alert History

If you want to see full details history, please login or register.

Date	Informations
2021-05-04 12:02:09	Multiple Updates
2021-04-22 01:02:16	Multiple Updates
2020-05-23 00:15:30	Multiple Updates
2019-04-30 21:19:18	Multiple Updates
2018-10-13 00:22:27	Multiple Updates
2017-10-11 09:23:18	Multiple Updates
2017-07-11 12:01:18	Multiple Updates
2016-04-26 12:37:39	Multiple Updates
2014-02-17 10:26:36	Multiple Updates
2014-01-19 21:22:01	Multiple Updates
2013-05-11 11:53:05	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	5
CPE ID(s)	8
Sources(s)	9
osvdb(s)	1
ExploitDB Exploit(s)	3
Openvas Exploit(s)	2
Snort® Rule(s)	3
Nessus® Exploit(s)	1

	Related
7.5	MS03-051
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

5 - CVE-2003-0824

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

ExploitDB Exploits

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU