Description
The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
Products
- Microsoft FrontPage
- Microsoft Frontpage
- Microsoft Frontpage 2000
- Microsoft Frontpage 2002
- Microsoft Frontpage 2003
- Microsoft Frontpage 2003 Service Pack 3
- Microsoft Frontpage 97
- Microsoft Frontpage 98
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2000-0710, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2000-0710 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References