TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
269
Signature ID: 1935
WEB-FRONTPAGE fpremadm.exe access Vulnerability
Threat Level: Warning
Signature Description: Fpremadm uses Fpadmdll.dll, which is the same server-side ISAPI program as the HTML
Administration Forms. Fpremadm is the utility that actually lets you administer FrontPage Server Extensions remotely.
The Fpremadm utility interface is based on the administration utility Fpsrvadm.exe and performs all of the same
commands. Fpremadm requires Microsoft Internet Explorer installed on the client computer. Microsoft FrontPage
Server Extensions 2002 and prior version have serious security vulnerabilities which could enable an attacker to run
arbitrary code on a user's system. An attacker who successfully exploited this vulnerability could be able to run code
with Local System privileges on an affected system, or could cause FrontPage Server Extensions to fail.
Signature ID: 1936
WEB-FRONTPAGE fpsrvadm.exe access Vulnerability
Threat Level: Warning
Signature Description: Fpremadm is the utility that actually lets you administer FrontPage Server Extensions remotely.
The Fpremadm utility interface is based on the administration utility Fpsrvadm.exe and performs all of the same
commands. Fpremadm requires Microsoft Internet Explorer installed on the client computer. Microsoft FrontPage
Server Extensions 2002 and prior version have serious security vulnerabilities which could enable an attacker to run
arbitrary code on a user's system. An attacker who successfully exploited this vulnerability could be able to run code
with Local System privileges on an affected system, or could cause FrontPage Server Extensions to fail.
Signature ID: 1937
WEB-FRONTPAGE frontpage rad fp4areg.dll access Vulnerability
Threat Level: Severe
Industry ID: CVE-2001-0341 Bugtraq: 2906 Nessus: 10699
Signature Description: Microsoft Front Page Server Extensions (FPSE), included in IIS Web Server, contain a flaw
that may allow a remote attacker to execute arbitrary code. The issue is due to a sub-component in FPSE called Visual
Studio Remote Application Deployment (RAD) which allows Visual InterDev users to register and un-register
programming components on the IIS server. The sub-component contains an unchecked buffer that may allow an
attacker to execute arbitrary code with IUSR_Machine privileges.Vulnerable platforms are Microsoft, FrontPage Server
Extensions 2000, Microsoft IIS 4.0, Microsoft IIS 5.0, Microsoft Windows 2000 Advanced Server.
Signature ID: 1938
WEB-FRONTPAGE orders.htm access Vulnerability
Threat Level: Warning
Signature Description: Microsoft FrontPage Server Extensions 2002 and prior version have serious security
vulnerabilities which could enable an attacker to run arbitrary code on a user's system.An attacker who successfully
exploited this vulnerability could be able to run code with Local System privileges on an affected system, or could
cause FrontPage Server Extensions to fail. This signature detects access to vulnerable orders.htm file.
Signature ID: 1939
WEB-FRONTPAGE orders.txt access Vulnerability
Threat Level: Warning
Signature Description: Microsoft FrontPage Server Extensions 2002 and prior version have serious security
vulnerabilities which could enable an attacker to run arbitrary code on a user's system.An attacker who successfully
exploited this vulnerability could be able to run code with Local System privileges on an affected system, or could
cause FrontPage Server Extensions to fail.<br>