Spyware Doctor
Spyware Doctor with AntiVirus
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Firewall Plus
ThreatFire
Spam Monitor
iAntiVirus for Mac OS X
PC Tools Security for Netbooks
Registry Mechanic
Desktop Maestro
File Recover
Privacy Guardian
PC Tools Disk Suite
Help me choose
Flaw in ISA Server Error Pages New
ISA Server contains a number of HTML-based error pages that allow the server to respond to a client requesting a Web resource with a customized error. A cross-site scripting vulnerability exists in many of these error pages that are returned by ISA Server under specific error conditions.
Issue
To exploit this flaw, an attacker would have to first be aware of a specific ISA server and its access policies or host an ISA server of their own and create specific access policies designed to exploit this vulnerability. The attacker could then craft a request to trigger a page refusal. Once the attack was crafted, the attacker would have to host a Web site containing the link, or send the link to the user in the form of an HTML e-mail. After the user previewed or opened the e-mail, the malicious site could be visited automatically without further user interaction. In the Web-based attack scenario, an attacker would have no way to force a user to visit the Web site.
Affected Products
- Microsoft Internet Security and Acceleration (ISA) Server 2000
Download
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: July 28, 2003
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
