CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Tech Industry

FrontPage bug latest security hole

Internet Explorer isn't the only Microsoft product that's got security problems.

Internet Explorer isn't the only Microsoft (MSFT) product that's got security problems.

The software giant has discovered a glitch with the server-side components of its Web page authoring tool, FrontPage, which could allow unauthorized users to modify pages on a site. The glitch was discovered within the last two weeks. Microsoft posted new server components to fix the problem yesterday morning, according to a company spokeswoman.

The latest security hole affects any Web site that employs two FrontPage 97 and FrontPage 1.1 server components, known as "WebBots." The Save Results and Discussion WebBots allow a page designer to easily save data from an HTML form to a server and to add group discussion capabilities to a site.

Any Web page that uses either of those server components could be vulnerable to attack from someone with a thorough knowledge of HTML. A hacker could potentially exploit the hole to deface a Web page with images or text.

The FrontPage glitch follows a series of potentially serious security holes in Internet Explorer discovered two weeks ago by separate groups of university students. Now, Microsoft appears to be taking a more proactive approach to weeding out security glitches itself; the FrontPage bug was discovered by an in-house Microsoft developer. The company has slightly delayed the first public beta release of its new browser, Internet Explorer 4.0, in order to scour the product for holes.

More than 200 Internet service providers support the FrontPage WebBots, according to Microsoft.

The company has posted a Web site with more information about the FrontPage glitches, along with links to the bug fixes. Microsoft is recommending that all sites using the affected WebBots upgrade to the new server components.

Last week, a developer also found a security hole in Macromedia's (MACR) Shockwave plug-in that could expose email files in Netscape Mail and other email programs to unauthorized users.