Description
Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users.
Products
- Microsoft FrontPage
- Microsoft Frontpage
- Microsoft Frontpage 2000
- Microsoft Frontpage 2002
- Microsoft Frontpage 2003
- Microsoft Frontpage 2003 Service Pack 3
- Microsoft Frontpage 97
- Microsoft Frontpage 98
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-1999-1052, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-1999-1052 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References