Article ID: 217765 - View products that this article applies to.
This article was previously published under Q217765
This article has been archived. It is offered "as is" and will no longer be updated.
If you use FrontPage Personal Web Server 1.0 (Vhttpd32.exe version 2.0.2.xxxx) on Microsoft Windows 95 or Microsoft Windows 98, your Web is vulnerable to unauthorized users who may access your files by using a specific non-standard URL. The unauthorized users must know the exact file name to access the file.
If you are using FrontPage Personal Web Server on Microsoft Windows NT 4.0, this problem does not affect you.
Most users of Microsoft FrontPage are not affected, because the FrontPage Personal Web Server is available on the FrontPage CD, but was only installed with FrontPage 1.1. Subsequent versions of FrontPage installed Microsoft Personal Web Server 2.0, which is not affected by this issue.
This vulnerability involves the ability of a malicious user to bypass the server's normal file access controls by typing a non-standard URL. The file must be specifically requested by name, so the malicious user must already know the name of the file or correctly guess the name. The vulnerability only affects users who host their own Web site with FrontPage Personal Web Server 1.0 (vhttpd32.exe version 2.0.2.xxxx).
To resolve this problem, use one of the following methods.
Method 1: Upgrade to Microsoft Personal Web Server 4.0If you do not need remote authoring support, Microsoft recommends that you upgrade to Microsoft Personal Web Server 4.0 and install the patch for this Web server.
For more information about downloading Microsoft Personal Web Server 4, see the following Microsoft Web site.
NOTE: Microsoft Personal Web Server 4 is installed by Windows NT 4.0 Option Pack for Windows 95.
http://www.microsoft.com/downloads/details.aspx?FamilyID=05c301d2-51f6-4cc1-b750-02f3c3141a71&displaylang=enYou can download the patch from the Microsoft Download Center. The following file is available for download from the Microsoft Download Center:
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
Download Pwssecup.exe now
Collapse this imageExpand this image
119591Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
(http://support.microsoft.com/kb/119591/EN-US/ )How to Obtain Microsoft Support Files from Online Services
Method 2: Install New Extensions and the PatchIf you need to remotely author a Web, follow these steps:
For more information about this vulnerability, see the following Microsoft Web site:
http://www.microsoft.com/technet/security/Bulletin/MS99-010.mspxFor additional security related information about Microsoft products, please visit the Web site at: