Check Point Advisories

Preemptive Protection against Multiple Microsoft Forefront UAG Cross-Site Scripting Vulnerabilities (MS10-089)

Check Point Reference: CPAI-2010-312
Date Published: 9 Nov 2010
Severity: High
Last Updated: 11 Nov 2010
Source: Microsoft Security Bulletin MS10-089
Industry Reference: CVE-2010-2733
CVE-2010-2734
CVE-2010-3936
Protection Provided by:
Who is Vulnerable? Forefront Unified Access Gateway 2010
Forefront Unified Access Gateway 2010 Update 1
Forefront Unified Access Gateway 2010 Update 2
Vulnerability Description: Multiple cross-site scripting vulnerabilities have been reported in Microsoft Forefront Unified Access Gateway (UAG). Microsoft Forefront UAG is a virtual private networking solution that provides secure remote access to corporate networks for remote employees and business partners. It incorporates various remote access technologies such as VPN, SSL-VPN, DirectAccess, and Remote Desktop Services. A remote attacker could exploit these issues to execute a cross-site scripting attack that could allow him to issue commands to the UAG server.
Update/Patch Available: Apply patches:
Microsoft Security Bulletin MS10-089
Vulnerability Details: These vulnerabilities result from improper input validation of the HTTP stream. This error provides the ability to execute a cross-site scripting attack through the UAG mobile portal. An attacker could exploit these issues by having a user visit the affected Web site using a specially crafted URL. Successful exploitation of these vulnerabilities could allow the attacker to inject a client-side script in the user's browser.

Protection Overview
