COMMAND

    Front Page

SYSTEMS AFFECTED

    Win NT

PROBLEM

    Bob LaGarde found following  recently in running ASP  applications
    within FrontPage webs.  There is a small bug with certain versions
    of FrontPage extensions that allow one to bypass the security  and
    view the  ASP code  as well  as get  into restricted  areas.   The
    security  is  circumvented  by  accessing  a  tiny loophole in the
    FrontPage extensions.  Basically the shtml.dll which provides  the
    security access overrides the processing of asp.dll for all pages.
    Therefore, if one calls the shtml.dll to execute a given page  the
    .asp code never gets executed and all the code is revealed.

SOLUTION

    There  is  an  upgrade  available  for  the  FrontPage  98  server
    extensions on Microsoft's  website that fixes  this problem.   You
    can access it at:

        http://www.microsoft.com/frontpage/wpp/default.htm

    The version was released on 2/23/98 and upgrade the extensions  to
    version 3.0.2.1330.