Here's some info on why FrontPage extensions are considered to be unsafe posing unknown dangers:
How FrontPage Works:-
==================
FrontPage tries to GET "http://www.yourdomain.com/_vti_inf.html". This file contains the version of the FP extensions and the path on the server where the extensions are located. When you use Frontpage to upload content, it will try and fetch this file, if it can, it then tries to POST to "http://www.yourdomain.com/_vti_bin/shtml.exe/_vti_rpc" (that's the default). This server binary is not password protected, so it is able to post a query to it. The first thing it does is just establish a protocol rev in which the client and server are going to talk, and what functions the server provides.
If you have any people using Frontpage, it's likely that they FTP'ed the _vti_inf.html from their local computer up to your site. Then they tried to publish, and it tried HTTP first. If HTTP fails, it just kicks over to FTP as the publishing protocol.
Why Is FrontPage Unsafe to Publish Websites?
==================================
Firstly, they maintain a huge number of meta files (one shadow for every file managed) . Then they have all the configuration information in a collection of text files in the _vti_pvt directory. If you go to a site that has FrontPage extensions, just pick any directory in the URL,remove the filename off, and replace it with "_vti_cnf" . Instead of the file, you will get a complete listing of all the files in the real directory. With this you can view files that weren't meant to be seen by the public in general. This happens on all FrontPage enabled websites.
Why is it dangerous?
=================
If you have ever had a look at a FrontPage extensions enabled web server, in the root you would notice a folder named _vti_pvt. Like
www.vicitm.com/_vti_pvt/.This is the folder which has all the important files. The list is as below.
access.cnf
botinfs.cnf
service.cnf
service.pwd
writeto.cnf
Most hackers target the file "service.pwd" since this is the file that is holding the username and the encrypted password for that user. They google for potential victims with the keyword "inurl:"_vti_pvt" inurl:service filetype: pwd". Lets suppose the click was made on the first search result i.e.
http://www.victim.com/_vti_pvt/service.pwd . The file looks like this.
# -FrontPage-
admin:YbV1JnafKRmnQ
In the file above, the first line is just a harmless comment. In the second line, "admin" is the username and "YbV1JnafKRmnQ" is the password which should have been encrypted, but is not! Sometimes, this password is also called password hash. Its encrypted in an encryption algorithm called DES.
Now all you have to do is collect the username and password you want to break. To crack passwords, you get a lot of cracking tools (which can be found over google) Most crackers allow you to put in the username and hashes in it and save it as a file. The time taken by a password cracker to crack a hash depends on the password.A simple password like "stupid" will take hardly a second while something like "R%T^Uk;lyu$£p}?<" will take a bit of time. The cracking speed also depends on your computer's CPU speed to an extent.
Once the hashes have been cracked, just open a FrontPage >> File >> Open Web.Put the address, username and password. You will be inside the user's account!! Once logged in, hackers also try the same username and password for FTP as 8 out of 10 times, the credentials are the same. Once they have full access, you are at their mercy. Also once an account is hacked into, its always very easy to crack into a second time.
PS : Thanks to Nick for this piece of information
Linux - Remove frontpage extensions
Join our Affiliate Program for FREE and earn 20% commission on each referral. 
Linear Mode
