Description: Doubledot bug in FrontPage FrontPage Personal Web Server.
Compromise: Accessing drive trough browser.
Vulnerable Systems: Frontpage-PWS32/3.0.2.926 other versions not tested.
Details:
When FrontPage-PWS runs a site on your c:\ drive your drive could be =
accessed by any user accessing your page, simply by requesting any file =
in any directory except the files in the FrontPage dir. specially =
/_vti_pvt/.

How to exploit this bug?
Simply adding /..../ in the URL addressbar.

http://www.target.com/..../<any_dir>/<any_file>

so by requesting http://www.target.com/..../Windows/Admin.pwl the =
webserver let us download the .pwl file from the target.

Files and dirs. with the hidden attribute set are vulnerable.

Solution:
The best solution is installing FrontPage on a drive that doesn't =
contain Private information.

Greetings,

Jan van de Rijt aka The Warlock.