COMMAND

    Front Page (1.1) Default permissions

SYSTEMS AFFECTED

    Win NT 4.0

PROBLEM

    This vulnerability was taken from:

        www.ntshop.com/security

    and ex NT Bill Stout's pages and this text is their credit.

    In FrontPage 1.1,  the IUSR_* account  is granted Full  Control to
    the  _vti_bin  directory  and  Shtml.exe.  If  an intruder has the
    IUSR_<lt;hostname> password (typically  a simple password)  and

    logged into  the machine  they would  have write  permission in an
    executable directory.

SOLUTION

    Change permissions.