Re: IIS and Frontpage Extensions Vulnerability.

From: Ivan Hernandez (
Date: 08/28/02

Date: Wed, 28 Aug 2002 14:48:02 -0300
From: Ivan Hernandez <>
To: "Kim, Cameron" <>

You can delete both files deleting the file protection cache at
\winnt\system32\dllcache (hidden dir)
Ivan Hernandez

Kim, Cameron wrote:

>I have a question regarding IIS 5.0 running on win2k server sp2. (frontpage
>extensions not installed)
>My Web Admin is a bit concerned because he has been trying to delete
>htimage.exe and imagemap.exe but stubborn windows file protection continues
>to replace it. He feels that the following vulnerabilities
><> )
> and
>/bulletin/fq00-028.asp> are still present, even though they are not
>directly mentioned in the security bulletin.(given that the bulletin is over
>2 years old)
>Is his concern warranted? Or has one of the service packs fixed this issue?
>I am looking for some written proof pointing to the fact that this
>vulnerability doesn't exists anymore. Thanks.
>Cameron Kim
>Mitsubishi Digital Electronics America