RE: IIS and Frontpage Extensions Vulnerability.

From: Kim, Cameron (
Date: 08/30/02

From: "Kim, Cameron" <>
To: 'Ivan Hernandez' <>
Date: Fri, 30 Aug 2002 09:26:18 -0700

I have attempted deleting both in the dllcache and the bin directory where
both htimage and imagemap.exe and both come back up. ?????

Cameron Kim
Mitsubishi Digital Electronics America

-----Original Message-----
From: Ivan Hernandez []
Sent: Wednesday, August 28, 2002 10:48 AM
To: Kim, Cameron
Cc: ''
Subject: Re: IIS and Frontpage Extensions Vulnerability.

You can delete both files deleting the file protection cache at
\winnt\system32\dllcache (hidden dir)
Ivan Hernandez

Kim, Cameron wrote:

>I have a question regarding IIS 5.0 running on win2k server sp2.
>(frontpage extensions not installed)
>My Web Admin is a bit concerned because he has been trying to delete
>htimage.exe and imagemap.exe but stubborn windows file protection
>continues to replace it. He feels that the following vulnerabilities
><> )
> and
>/bulletin/fq00-028.asp> are still present, even though they are not
>directly mentioned in the security bulletin.(given that the bulletin is
>2 years old)
>Is his concern warranted? Or has one of the service packs fixed this
>issue? I am looking for some written proof pointing to the fact that
>this vulnerability doesn't exists anymore. Thanks.
>Cameron Kim
>Mitsubishi Digital Electronics America