In <000801bf780a$9ad4b2e0$0100007f@localhost>, Jan van de Rijt wrote: | Description: Doubledot bug in FrontPage FrontPage Personal Web Server. | Compromise: Accessing drive trough browser. | Vulnerable Systems: Frontpage-PWS32/3.0.2.926 other versions not tested. | Details: | When FrontPage-PWS runs a site on your c:\ drive your drive could be = | accessed by any user accessing your page, simply by requesting any file = | in any directory except the files in the FrontPage dir. specially = | /_vti_pvt/. | | How to exploit this bug? | Simply adding /..../ in the URL addressbar. It sounds like same as: <http://www.securityfocus.com/templates/archive.pike?list=1&msg=01bae51a$9ab232b0$0100007f@nordnode> <http://www.microsoft.com/security/bulletins/ms99-010.asp> ---- KOJIMA Hajime - Ryukoku University, Seta, Ootsu, Shiga, 520-2194 Japan [Office] kjmat_private, http://www.st.ryukoku.ac.jp/~kjm/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:36:59 PDT