Microsoft Product Support Services   All Products  |   Support  |   Search  |   microsoft.com Home  
microsoft.com
  Support Home  |   Find a Solution  |   Request Support  |   Custom Support  |

FPSE: Potential Buffer Overrun Vulnerability in Visual Studio RAD (Remote Application Deployment)


The information in this article applies to:
  • Microsoft FrontPage 2000 Server Extensions
  • Microsoft Internet Information Server 4.0
  • Microsoft Internet Information Services version 5.0


SUMMARY

Microsoft Internet Information Server 4.0 and Internet Information Services 5.0 (IIS) include the Microsoft FrontPage Server Extensions to facilitate the development of Web sites and Web-based applications. The FrontPage Server Extensions include an optional sub-component for development servers called Visual Studio RAD (Remote Application Deployment). If you install this optional component on a computer during the installation of Microsoft Windows 2000, you are prompted with the following message:

You have chosen to install Visual InterDev RAD Remote Deployment Support. You should do this only on development servers, because RAD lets authors register server components and modify the COM+ settings, affecting the state of the running server. If you install RAD Remote Deployment Support, you should regularly review the permissions settings of your FrontPage webs to ensure that no unwanted authors have obtained authoring privileges.
This sub-component allows Visual InterDev users to register and unregister programming components on the IIS server. This sub-component contains an unchecked buffer in a section that processes input information.

Although it is unlikely, an attacker could potentially exploit this vulnerability against any server that has the affected sub-component installed, by connecting to a Web session on the server and passing a specially malformed packet to the system.


MORE INFORMATION

A more detailed explanation and a supported fix are available in the following Microsoft Security Bulletin, MS01-035:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-035.asp
For additional information about security topics, browse to the following Microsoft TechNet Security Web site:
http://www.microsoft.com/technet/security/

Additional query words: front page FP FPSE

Keywords : kbdta
Issue type : kbinfo
Technology : kbiisSearch kbFrontPageSearch kbFrontPageServXSearch kbiis500 kbiis400 kbFrontPage2000Search kbFrontPage2000ServX


Last Reviewed: June 22, 2001
© 2001 Microsoft Corporation. All rights reserved. Terms of Use.


Article ID: Q300477

Last Reviewed:
June 22, 2001

Send to a friend

Provided by
Microsoft Product Support Services


Did the information in this article help answer your question?

Yes
No
Did not apply

Please provide additional comments about this information.
(255 character max)