CVE-2000-0256
Published: 2000-04-19
Priority P431 · high · 7.5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 11.70% (95.5th percentile)
Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | personal_web_server | — | — |
| microsoft | windows_nt | — | — |
Suricata
GPL FTP USER overflow attempt (CVE-1999-1510)
suricata · 2010-09-23
Rule: alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL FTP USER overflow attempt"; flow:established,to_server,no_stream; content:"USER|20|"; nocase; isdataat:100,relative; pcre:"/^USER\x20[^\x00\x20\x0a\x0d]{100}/smi"; reference:bugtraq,10078; reference:bugtraq,1227; reference:bugtraq,1504; reference:bugtraq,1690; reference:bugtraq,4638; reference:bugtraq,7307; reference:bugtraq,8376; reference:cve,1999-1510; reference:cve,1999-1514; reference:cve,1999-1519; reference:cve,1999-1539; reference:cve,2000-0479; reference:cve,2000-0656; reference:cve,2000-0761; reference:cve,2000-0943; reference:cve,2000-1035; reference:cve,2000-1194; reference:cve,2001-0256; reference:cve,2001-0794; reference:cve,2001-0826; reference:cve,2002-0126; reference:cve,2002-1522;
Exploit-DB
War-FTPD 1.65 - Password Overflow (Metasploit) (CVE-1999-0256)
exploitdb · 2010-07-03
---
##
# $Id: warftpd_165_pass.rb 9669 2010-07-03 03:13:45Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'War-FTPD 1.65 Password Overflow',
'Description' => %q{
This exploits the buffer overflow found in the PASS command
in War-FTPD 1.65. This particular module will only work
reliably against Windows 2000 targets. The server must be
configured to allow anonymous logins for this exploit to
succeed. A failed attempt will bring down the service
completely.
},
'Author' => 'hdm',
'License'
Exploit-DB
FrontPage 97/98 - Server Image Mapper Buffer Overflow (CVE-2000-0256)
exploitdb · 2000-04-19
---
source: https://www.securityfocus.com/bid/1117/info
The htimage.exe and imagemap.exe files included with FrontPage handle server-side image mapping functions. Under normal operation, they are passed a map name and a set of coordinates in the format http: //target/path/htimage.exe/mapname?x,y.
If the mapname portion of the request is replaced with 741 or more characters, the webserver software will crash, although the operating system will continue to function normally. Stack dumps reveal that user-supplied data occasionally makes it to the EIP register, making the execution of remote arbitrary code potentially possible.
To crash the server:
http: //target/path/htimage.exe/?0,0
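A detection check for the condition described above, as an added example that is not part of the Exploit-DB entry or any vendor code: it scans web access logs for htimage.exe or imagemap.exe requests whose decoded mapname reaches the 741-character length the advisory reports. The Common Log Format input, the function names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Length at which the advisory above reports the crash.
MAPNAME_CRASH_LEN = 741

# Request line of a Common Log Format entry (the log format is an assumption).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?"')
# PATH_INFO following either image map binary; Windows paths are case-insensitive.
MAPPER_RE = re.compile(r'/(?P<exe>htimage\.exe|imagemap\.exe)(?P<mapname>/[^?]*)?', re.I)


def mapname_length(target):
    """Return (exe, decoded mapname length), or None if not an image map request."""
    m = MAPPER_RE.search(target)
    if m is None:
        return None
    # Drop the leading slash, then decode %XX so encoding cannot hide the length.
    mapname = unquote((m.group("mapname") or "/")[1:])
    return m.group("exe").lower(), len(mapname)


def scan(lines, threshold=MAPNAME_CRASH_LEN):
    """Return (line_number, exe, length) for each request at or over threshold."""
    hits = []
    for number, line in enumerate(lines, start=1):
        req = REQUEST_RE.search(line)
        parsed = mapname_length(req.group("target")) if req else None
        if parsed and parsed[1] >= threshold:
            hits.append((number, parsed[0], parsed[1]))
    return hits


# Constructed sample log lines, not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Apr/2000:10:00:01 +0000] "GET /path/htimage.exe/maps/nav.map?12,34 HTTP/1.0" 200 512',
    '192.0.2.77 - - [19/Apr/2000:10:00:09 +0000] "GET /path/htimage.exe/' + "A" * 741 + '?0,0 HTTP/1.0" 500 0',
    '192.0.2.77 - - [19/Apr/2000:10:00:12 +0000] "GET /path/IMAGEMAP.EXE/' + "%41" * 800 + '?0,0 HTTP/1.0" 500 0',
    '192.0.2.10 - - [19/Apr/2000:10:00:20 +0000] "GET /index.htm HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for number, exe, length in scan(SAMPLE_LOG):
        print(f"line {number}: {exe} mapname is {length} characters")
```

Lowering `threshold` surfaces near-miss probing; legitimate map names are normally far shorter than the crash length.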
http://www.securityfocus.com/archive/1/470458/100/0/threaded
http://www.securityfocus.com/bid/1117
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-028
https://exchange.xforce.ibmcloud.com/vulnerabilities/34720