Secunia Security Advisory - A vulnerability has been reported in Microsoft FrontPage Server Extensions, which can be exploited by malicious people to conduct cross-site scripting attacks.
b7acbe9949a565ef882c9814d1e9397f5c79cd96a5872a77a6a4b2bb62a139d4
TITLE:
Microsoft FrontPage Server Extensions Cross-Site Scripting
SECUNIA ADVISORY ID:
SA19623
VERIFY ADVISORY:
http://secunia.com/advisories/19623/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
>From remote
SOFTWARE:
Microsoft FrontPage Server Extensions 2002
http://secunia.com/product/6314/
Microsoft SharePoint Team Services
http://secunia.com/product/1529/
DESCRIPTION:
A vulnerability has been reported in Microsoft FrontPage Server
Extensions, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Unspecified input is not properly sanitised before being returned to
users. This can be exploited to execute arbitrary HTML and script
code in a user's browser session in context of a vulnerable site.
SOLUTION:
Apply patches.
FrontPage Server Extensions 2002 (Windows Server 2003 and Windows
Server 2003 SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=5C03F85A-5228-47FB-A338-90FA23818E08
FrontPage Server Extensions 2002 (Windows Server 2003 for
Itanium-based systems and Windows Server 2003 with SP1 for
Itanium-based systems):
http://www.microsoft.com/downloads/details.aspx?FamilyId=59F15A6B-CC1B-43D5-A007-BFC9ABB63486
FrontPage Server Extensions 2002 (x64 Edition) downloaded and
installed on Windows Server 2003 x64 Edition and Windows XP Pro x64
Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F453530D-7063-49AB-B304-9C455DE6D8DA
FrontPage Server Extensions 2002 (x86 Editions) downloaded and
installed on Windows Server 2000 SP4, Windows XP SP1, and Windows XP
SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F453530D-7063-49AB-B304-9C455DE6D8DA
Microsoft SharePoint Team Services:
http://www.microsoft.com/downloads/details.aspx?FamilyId=EEE40662-39E6-4C07-8241-1AC4F5D24FFC
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Esteban Martínez Fayó.
ORIGINAL ADVISORY:
MS06-017 (KB917627):
http://www.microsoft.com/technet/security/Bulletin/MS06-017.mspx
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed