FrontPage Can Hose Your Server

M$ has announced a bug in FrontPage such that if you use **M$ extensions** your server is open to attack

In its 53rd advisory for the year, the software giant said a vulnerability in the SmartHTML interpreter could be exploited to cause a denial-of-service attack on the Web server if the computer had FrontPage Server Extensions 2000 running. For FrontPage Server Extensions 2002, the flaw could result in the attacker running the code of their choice, essentially taking control of the server.

When will people learn? **NEVER USE NON-STANDARD EXTENSIONS!** Doing so only accomplishes 2 things:

  1. Makes it difficult for everyone to enjoy your work
  2. Opens you up to exploitation because only one vendor can see the code that’s doing the interpretation