RE: IIS and Frontpage Extensions Vulnerability.

From: Kim, Cameron (CKim@bigscreen.mea.com)
Date: 08/30/02


From: "Kim, Cameron" <CKim@bigscreen.mea.com>
To: 'Ivan Hernandez' <ivan.hernandez@globalsis.com.ar>
Date: Fri, 30 Aug 2002 09:26:18 -0700

I have attempted deleting both in the dllcache and the bin directory where
both htimage and imagemap.exe and both come back up. ?????

Cameron Kim
Mitsubishi Digital Electronics America

-----Original Message-----
From: Ivan Hernandez [mailto:ivan.hernandez@globalsis.com.ar]
Sent: Wednesday, August 28, 2002 10:48 AM
To: Kim, Cameron
Cc: 'focus-ms@securityfocus.com'
Subject: Re: IIS and Frontpage Extensions Vulnerability.

You can delete both files deleting the file protection cache at
\winnt\system32\dllcache (hidden dir)
Ivan Hernandez

Kim, Cameron wrote:

>Guys,
>
>I have a question regarding IIS 5.0 running on win2k server sp2.
>(frontpage extensions not installed)
>
>My Web Admin is a bit concerned because he has been trying to delete
>htimage.exe and imagemap.exe but stubborn windows file protection
>continues to replace it. He feels that the following vulnerabilities
>(http://online.securityfocus.com/bid/964
><http://online.securityfocus.com/bid/964> )
> and
>http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secu
>rity/
>bulletin/fq00-028.asp
><http://www.microsoft.com/technet/treeview/default.asp?url=/technet/securit
y
>/bulletin/fq00-028.asp> are still present, even though they are not
>directly mentioned in the security bulletin.(given that the bulletin is
over
>2 years old)
>
>Is his concern warranted? Or has one of the service packs fixed this
>issue? I am looking for some written proof pointing to the fact that
>this vulnerability doesn't exists anymore. Thanks.
>
>
>
>Cameron Kim
>Mitsubishi Digital Electronics America
>
>