WebDAV Service Provider Can Allow Scripts to Levy Requests as User
A security vulnerability exists in all Microsoft products that use the WebDAV component. It could allow a remote attacker to impersonate a user and gain access to any resources available to that user.
Issue
The Microsoft Data Access Component Internet Publishing Provider provides access to WebDAV resources over the Internet. By design, it should differentiate between requests made by a user and those made by a script running in the user’s browser. However, because of an implementation flaw, it handles all requests in the security context of the user. As a result, if a user browsed to a web page or opened an HTML e-mail that contained script, that script could access web-based resources as the user.
The specific actions an attacker could take via this vulnerability would depend on the Web-based resources available to the user, and the user’s privileges on them. However, it is likely that at a minimum, the attacker could browse the user’s intranet, and potentially access web-based e-mail as well.
Affected Products
- All WebDAV-enabled Microsoft Products
Download
Patch: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29129
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: April 18, 2001