CVE-2003-0822

Microsoft FrontPage Server Extensions <2002 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2003-0822. PoCs published by Metasploit, Adik, hdm, including Metasploit module exploits/windows/isapi/ms03_051_fp30reg_chunked.

AI-analyzed exploit summary This is a Metasploit module exploiting a chunked encoding buffer overflow in Microsoft IIS ISAPI FrontPage fp30reg.dll (CVE-2003-0822). It targets Windows 2000 SP0-SP3 and uses a crafted POST request with chunked encoding to achieve remote code execution.

Description

Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16356

This is a Metasploit module exploiting a chunked encoding buffer overflow in Microsoft IIS ISAPI FrontPage fp30reg.dll (CVE-2003-0822). It targets Windows 2000 SP0-SP3 and uses a crafted POST request with chunked encoding to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft IIS with FrontPage Extensions (fp30reg.dll)
No auth needed
Prerequisites: Vulnerable version of Microsoft IIS with FrontPage Extensions enabled · Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Adik · cremotewindows
https://www.exploit-db.com/exploits/121

This exploit targets a buffer overflow vulnerability in Microsoft FrontPage Server Extensions (CVE-2003-0822) by sending a maliciously crafted HTTP POST request to fp30reg.dll. It includes shellcode to bind a persistent command shell on port 9999.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft FrontPage Server Extensions (fp30reg.dll version 4.0.2.5526)
No auth needed
Prerequisites: Network access to the target server · FrontPage Server Extensions installed and vulnerable
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
by hdm · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/isapi/ms03_051_fp30reg_chunked.rb

This Metasploit module exploits a chunked encoding buffer overflow in Microsoft IIS ISAPI FrontPage fp30reg.dll (CVE-2003-0822). It targets Windows 2000 SP0-SP3 by sending a maliciously crafted POST request with chunked encoding to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft IIS with FrontPage Extensions (fp30reg.dll) on Windows 2000 SP0-SP3
No auth needed
Prerequisites: Network access to the target IIS server · FrontPage Extensions installed and accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A364
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=106865318904055&w=2
Mailing List mailing-list x_refsource_ntbugtraq
http://marc.info/?l=ntbugtraq&m=106862654906759&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/13674
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/279156
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A699
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10195
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A367
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A366
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A743

Scores

EPSS 0.8126
EPSS Percentile 99.6%

Details

Status published
Products (5)
microsoft/frontpage_server_extensions 2000
microsoft/frontpage_server_extensions 2002
microsoft/sharepoint_team_services 2002
microsoft/windows_2000 (2 CPE variants)
microsoft/windows_xp (3 CPE variants)
Published Dec 15, 2003
Tracked Since Feb 18, 2026