Microsoft MS03-051 security check

The MS03-051 bulletin addresses two new security vulnerabilities in Microsoft FrontPage Server Extensions, the most serious of which could enable an attacker to run arbitrary code on a user's system.

The first vulnerability exists because of a buffer overrun in the remote debug functionality of FrontPage Server Extensions. This functionality enables users to remotely connect to a server running FrontPage Server Extensions and remotely debug content using, for example, Visual Interdev. An attacker who successfully exploited this vulnerability could be able to run code with IWAM_machinename account privileges on an affected system, or could cause FrontPage Server Extensions to fail. The second vulnerability is a Denial of Service vulnerability that exists in the SmartHTML interpreter. This functionality is made up of a variety of dynamic link library files, and exists to support certain types of dynamic web content. An attacker who successfully exploited this vulnerability could cause a server running Front Page Server Extensions to temporarily stop responding to requests.

Microsoft has released a patch to correct these issues. Please see the references for more information. Note: This update replaces the security updates contained in the following bulletins: MS01-035 and MS02-053.