Vulnerability Note VU#723537
Microsoft SmartHTML interpreter (shtml.dll) contains vulnerability
Microsoft's SmartHTML interpreter (shtml.dll) contains a remotely exploitable vulnerability.
shtml.dll is a component of FrontPage Server Extensions. FrontPage Server Extensions allow web developers to add or change content and to manage the web server.
Quoting from MS02-053, "The SmartHTML interpreter, shtml.dll, is part of FPSE, and supports certain types of dynamic web content. For instance, using SmartHTML, a web developer can build a web page that relies on FrontPage features, but not actually have those features embedded within the page until a user requests it."
There are varying impacts depending on the version of FrontPage Server Extensions running on the vulnerable host. If a user is running FrontPage Server Extensions 2000, an attacker can cause denial-of-service conditions on the web server (cause the web server to become unavailable). If a user is running FrontPage Server Extensions 2002, a remote attacker can execute arbitrary code with system privileges on the web server.
Apply a patch.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||02 Oct 2002|
CVSS Metrics (Learn More)
Maninder Bharadwaj of Digital Defense Services, part of Digital GlobalSoft Ltd., is credited with discovering this vulnerability.
This document was written by Ian A Finlay. It is based on information provided by Microsoft.
- CVE IDs: CAN-2002-0692
- Date Public: 25 Sep 2002
- Date First Published: 02 Oct 2002
- Date Last Updated: 04 Oct 2002
- Severity Metric: 10.35
- Document Revision: 24
If you have feedback, comments, or additional information about this vulnerability, please send us email.