DATE:  
COMMAND                                            SOURCE: 
                                                   AUTHOR: 
  Front Page


SYSTEMS AFFECTED

  Win NT 4.0 Front Page V1.1

  

PROBLEM


    This vulnerability was taken from:

        www.ntshop.com/security



    and ex NT Bill Stout's pages and this text is their credit.



    In FrontPage 1.1,  the IUSR_* account  is granted Full  Control to

    the  _vti_bin  directory  and  Shtml.exe.  If  an intruder has the

    IUSR_<lt;hostname> password (typically  a simple password)  and



    logged into  the machine  they would  have write  permission in an

    executable directory.



SOLUTION

    Change permissions.



EXPLOIT

  

SOLUTION