Vulnerabilities in Forefront Unified Access Gateway could Cause Cross Site Scripting Resulting in Elevation of Privilege
-
|
File name:
|
Date Published:
|
|
UAG-KB2433584-v4.0.1152.150-ENU.msp
|
11/8/2010
|
|
Version:
|
File size:
|
|
4.0.1152.150
|
10.8 MB
|
This security update resolves four privately reported vulnerabilities in Forefront Unified Access Gateway 2010 (UAG). The most severe of these vulnerabilities could allow elevation of privilege if a user visits an affected Web site using a specially crafted URL. An attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.
Here are the cases with the severity rating:
UAG Redirection Issue May Allow Phishing Vulnerability - CVE-2010-2732 (Important - Spoofing)
UAG XSS Allows EOP Vulnerability - CVE-2010-2733 (Important - Elevation of Privilege)
XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability - CVE-2010-2734 (Important - Elevation of Privilege)
XSS in Sginurl.asp Vulnerability - CVE-2010-3936 (Important - Elevation of Privilege)
-
Supported Operating System
Windows Server 2008 R2
Forefront UAG can be installed on computers running the Windows Server 2008 R2 Standard or Windows Server 2008 R2 Enterprise 64-bit operating systems.
-
1. For the file you want to download, click the Download button on this page.
2. Click Save to download to your computer.
Popular downloads