Description: Doubledot bug in FrontPage Personal Web Server.

Compromise: Accessing the drive through a browser.

Vulnerable Systems: Frontpage-PWS32/3.0.2.926; other versions not tested.

Details: When FrontPage-PWS runs a site on your c:\ drive, your drive could be accessed by any user accessing your page, simply by requesting any file in any directory, except the files in the FrontPage directories, especially /_vti_pvt/.

How to exploit this bug? Simply by adding /..../ to the URL in the address bar:

http://www.target.com/....//

So by requesting http://www.target.com/..../Windows/Admin.pwl, the webserver lets us download the .pwl file from the target. Files and directories with the hidden attribute set are vulnerable.

Solution: The best solution is installing FrontPage on a drive that doesn't contain private information.

Greetings,
Jan van de Rijt aka The Warlock.
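
A defender-side check for the request pattern described above, added here as an example and not part of the original advisory. It compares a filter that rejects only an exact ".." segment with one that rejects any all-dot segment, then applies the stricter check to access-log lines. The function names, the log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# A path segment made only of dots: "..", "...", "....", and so on.
DOT_SEGMENT = re.compile(r"^\.{2,}$")

# Request line inside a common-log-format entry (format assumed for this example).
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')


def naive_is_safe(url_path: str) -> bool:
    """Weak check: rejects only an exact '..' segment, so '....' passes."""
    return ".." not in url_path.split("/")


def is_safe(url_path: str) -> bool:
    """Reject any segment that consists solely of two or more dots."""
    # Decode and normalise separators first, so the check sees the same
    # string the file-system layer will see.
    decoded = unquote(url_path).replace("\\", "/")
    return not any(DOT_SEGMENT.match(seg) for seg in decoded.split("/"))


def flag_requests(log_lines):
    """Return the request paths from access-log lines that fail is_safe()."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if m and not is_safe(m.group(1).split("?", 1)[0]):
            hits.append(m.group(1))
    return hits


# Constructed sample log lines, not taken from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /index.htm HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2000:10:00:05 +0000] "GET /..../Windows/Admin.pwl HTTP/1.0" 200 688',
    '192.0.2.12 - - [01/Jan/2000:10:00:12 +0000] "GET /docs/v1.0..beta/readme.txt HTTP/1.0" 200 90',
]

if __name__ == "__main__":
    path = "/..../Windows/Admin.pwl"
    print("naive filter accepts:", naive_is_safe(path))
    print("strict filter accepts:", is_safe(path))
    for hit in flag_requests(SAMPLE_LOG):
        print("suspicious request:", hit)
```

File names that merely contain consecutive dots, such as v1.0..beta, are not flagged, because only whole segments made of dots are rejected.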