Follow:

Exploit:Win/ISA.Forms.XSS!CVE-2009-0237

Severity rating
Important

Class/Type
Exploit

Discovered date
2009-04-14T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium



On this page




Description

A cross-site scripting (XSS) vulnerability exists in the HTML forms authentication component in ISA Server or Forefront TMG, cookieauth.dll, which could allow malicious script code to run on the machine of another user under the guise of the server running cookieauth.dll. This is a non-persistent cross-site scripting vulnerability that can lead to spoofing and information disclosure.



Impact

An attacker who successfully exploited this vulnerability could cause script code to run on the machine of another user in the guise of a third-party Web site. Such script code would run inside the browser when visiting the third-party Web site, and could take any action on the user's computer that the third-party Web site was permitted to take. The vulnerability could only be exploited if the user clicked on a hypertext link, either in an HTML e-mail or if the user visited an attacker's Web site or a Web site containing content that is under the attacker’s control.



Technical details (analysis)

Cross-site scripting (XSS) is a class of security vulnerability that can enable an attacker to "inject" script code into a user's session with a Web site. The vulnerability can affect Web servers that dynamically generate HTML pages. This vulnerability results from improper input validation of the HTTP stream. This error provides the ability to execute a cross-site scripting attack through the cookieauth.dll component in ISA Server or Microsoft Forefront TMG MBE.



Affected software

Microsoft Forefront Threat Management Gateway, Medium Business Edition
Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3
Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3
Microsoft Internet Security and Acceleration Server 2006
Microsoft Internet Security and Acceleration Server 2006 Supportability Update
Microsoft Internet Security and Acceleration Server 2006 Service Pack 1



Non-affected software

All applications not on the affected list



References




Solutions




NIS signature

Name: Exploit:Win/ISA.Forms.XSS!CVE-2009-0237
Release Date: 2009-04-14T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

Microsoft has not identified any workarounds for this vulnerability.