COMMAND

    FrontPage Personal Web Server

SYSTEMS AFFECTED

    Frontpage-PWS32/3.0.2.926 (other versions not tested)

PROBLEM

    When FrontPage-PWS serves a site from your c:\ drive, the drive
    can be accessed by any user who can reach your page, simply by
    requesting any file in any directory except the files in the
    FrontPage directories, especially /_vti_pvt/.

    How to exploit this bug?  Simply by adding /..../ to the URL in
    the address bar.

        http://www.target.com/..../<any_dir>/<any_file>

    So by requesting http://www.target.com/..../Windows/Admin.pwl the
    web server lets us download the .pwl file from the target.  Files
    and directories with the hidden attribute set are vulnerable.

SOLUTION

    The best solution is to install FrontPage on a drive that doesn't
    contain private information.  This seems to be an issue only with
    Win9x boxes.
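
    One way to look for such requests in web server access logs, as an
    added example that is not part of the original advisory: the script
    flags any URL path segment made only of three or more dots, after
    percent-decoding.  The Common Log Format input, the sample lines and
    the function names are assumptions made for illustration.

```python
import re

# Client address and request target from a Common Log Format entry.
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+)(?: HTTP/[\d.]+)?"')
# A path segment made only of dots, three or more ("...", "....").
MULTI_DOT_RE = re.compile(r"\.{3,}")


def multi_dot_segments(target, max_decode=3):
    """Return the dot-only segments (3+ dots) in a request target."""
    path = target.split("?", 1)[0]  # ignore the query string
    # Decode repeatedly so percent-encoded and double-encoded dots are seen.
    for _ in range(max_decode):
        decoded = re.sub(r"%([0-9A-Fa-f]{2})",
                         lambda m: chr(int(m.group(1), 16)), path)
        if decoded == path:
            break
        path = decoded
    # Treat backslash as a separator, as a Windows server would.
    segments = path.replace("\\", "/").split("/")
    return [s for s in segments if MULTI_DOT_RE.fullmatch(s)]


def scan(log_lines):
    """Return (client, target, segments) for each suspicious request."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if m and (bad := multi_dot_segments(m.group(2))):
            hits.append((m.group(1), m.group(2), bad))
    return hits


# Constructed sample log lines (documentation addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /index.htm HTTP/1.0" 200 512',
    '192.0.2.44 - - [01/Jan/2000:10:00:05 +0000] "GET /..../Windows/Admin.pwl HTTP/1.0" 200 688',
    '192.0.2.44 - - [01/Jan/2000:10:00:09 +0000] "GET /%2e%2e%2e%2e/docs/notes.txt HTTP/1.0" 200 90',
    '198.51.100.7 - - [01/Jan/2000:10:01:00 +0000] "GET /images/logo...gif HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for client, target, bad in scan(SAMPLE_LOG):
        print(f"{client} requested {target!r}: dot-only segments {bad}")
```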