Sign-up

ID

VAR-200107-0123


CVE

CVE-2001-0341


TITLE

Microsoft Frontpage Server Remote Application Deployment (RAD) component vulnerable to buffer overflow via malformed packet sent to server component

Trust: 0.8

sources: CERT/CC: VU#439835

DESCRIPTION

Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll. A host running IIS 4.0, could allow the execution of arbitrary commands in the SYSTEM context

Trust: 2.61

sources: NVD: CVE-2001-0341 // CERT/CC: VU#439835 // JVNDB: JVNDB-2001-000099 // BID: 2906

AFFECTED PRODUCTS

vendor:microsoftmodel:windows ntscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:frontpage server extensionsscope:eqversion:2000

Trust: 1.0

vendor:microsoftmodel:windows 2000scope:eqversion:*

Trust: 1.0

vendor:microsoftmodel: - scope: - version: -

Trust: 0.8

vendor:microsoftmodel:iisscope:eqversion:4.0 (frontpage server extensions with additional options visual studio rad support during installation )

Trust: 0.8

vendor:microsoftmodel:iisscope:eqversion:5.0 (frontpage server extensions with additional options visual studio rad support during installation )

Trust: 0.8

vendor:microsoftmodel:windows nt workstation sp6ascope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp6scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp5scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp4scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp3scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp2scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp1scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstationscope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp6scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp5scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp4scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp3scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp2scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp1scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal serverscope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp6ascope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp6scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp5scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp4scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp3scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp2scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp1scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt serverscope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp6ascope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp6scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp5scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp4scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp3scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp2scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp1scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise serverscope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows server sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows server sp1scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows serverscope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows professional sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows professional sp1scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows professionalscope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows datacenter server sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows datacenter server sp1scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows datacenter serverscope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows advanced server sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows advanced server sp1scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows advanced serverscope:eqversion:2000

Trust: 0.3

sources: CERT/CC: VU#439835 // BID: 2906 // JVNDB: JVNDB-2001-000099 // CNNVD: CNNVD-200107-156 // NVD: CVE-2001-0341

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0341
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#439835
value: 33.79

Trust: 0.8

NVD: CVE-2001-0341
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200107-156
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2001-0341
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: CERT/CC: VU#439835 // JVNDB: JVNDB-2001-000099 // CNNVD: CNNVD-200107-156 // NVD: CVE-2001-0341

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0341

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200107-156

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200107-156

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2001-000099

PATCH
title:MS01-035url:http://www.microsoft.com/technet/security/bulletin/MS01-035.mspx
Trust: 0.8
title:MS01-035url:http://www.microsoft.com/japan/technet/security/bulletin/MS01-035.mspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2001-000099

EXTERNAL IDS
db:BIDid:2906
Trust: 3.5
db:NVDid:CVE-2001-0341
Trust: 2.4
db:OSVDBid:577
Trust: 1.6
db:CERT/CCid:VU#439835
Trust: 0.8
db:JVNDBid:JVNDB-2001-000099
Trust: 0.8
db:BUGTRAQid:20010625 NSFOCUS SA2001-03 : MICROSOFT FRONTPAGE 2000 SERVER EXTENSIONS BUFFER OVERFLOW VULNERABILITY
Trust: 0.6
db:XFid:6730
Trust: 0.6
db:MSid:MS01-035
Trust: 0.6
db:CNNVDid:CNNVD-200107-156
Trust: 0.6
sources:
            
            
            CERT/CC: VU#439835 // 
            
            
            
            BID: 2906 // 
            
            
            
            JVNDB: JVNDB-2001-000099 // 
            
            
            
            CNNVD: CNNVD-200107-156 // 
            
            
            
            NVD: CVE-2001-0341

REFERENCES
url:http://www.securityfocus.com/bid/2906
Trust: 3.2
url:http://www.microsoft.com/technet/security/bulletin/ms01-035.asp
Trust: 1.7
url:http://www.osvdb.org/577
Trust: 1.6
url:http://marc.info/?l=bugtraq&m=99348216322147&w=2
Trust: 1.0
url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-035
Trust: 1.0
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6730
Trust: 1.0
url:http://www.ciac.org/ciac/bulletins/l-100.shtml
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2001-0341
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2001-0341
Trust: 0.8
url:http://marc.theaimsgroup.com/?l=bugtraq&m=99348216322147&w=2
Trust: 0.6
url:http://xforce.iss.net/static/6730.php
Trust: 0.6
url:http://support.microsoft.com/support/kb/articles/q300/4/77.asp
Trust: 0.3
url:http://www.nsfocus.com/english/homepage/sa01-03.htm
Trust: 0.3
sources:
            
            
            CERT/CC: VU#439835 // 
            
            
            
            BID: 2906 // 
            
            
            
            JVNDB: JVNDB-2001-000099 // 
            
            
            
            CNNVD: CNNVD-200107-156 // 
            
            
            
            NVD: CVE-2001-0341

CREDITS
Nsfocus Security Team※ security@nsfocus.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200107-156

SOURCES
db:CERT/CCid:VU#439835
db:BIDid:2906
db:JVNDBid:JVNDB-2001-000099
db:CNNVDid:CNNVD-200107-156
db:NVDid:CVE-2001-0341

LAST UPDATE DATE
2024-08-14T15:25:51.322000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#439835date:2001-06-28T00:00:00
db:BIDid:2906date:2001-06-21T00:00:00
db:JVNDBid:JVNDB-2001-000099date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200107-156date:2012-11-28T00:00:00
db:NVDid:CVE-2001-0341date:2019-04-30T14:27:13.710

SOURCES RELEASE DATE
db:CERT/CCid:VU#439835date:2001-06-28T00:00:00
db:BIDid:2906date:2001-06-21T00:00:00
db:JVNDBid:JVNDB-2001-000099date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200107-156date:2001-07-21T00:00:00
db:NVDid:CVE-2001-0341date:2001-07-21T04:00:00