Public exploits available
A spoofing vulnerability exists in Forefront Unified Access Gateway (UAG). The vulnerability could allow non-privileged users to send specially crafted URLs to UAG users, thereby spoofing or redirecting traffic intended for the UAG server.
The attacker can redirect the authenticated UAG user to a malicious Web page and trick them into entering username, password, or other private information.
The vulnerability is caused by the application failing to validate and confirm redirection to an external Web site. An attacker can direct an UAG user to a local UAG URL through e-mail, IM, or other means. The URL will redirect the user's browser session to an arbitrary site that will host the second stage of the attack.
All applications not on the affected list.
This signature can cause false positives if you are not running any of the affected software versions or if you've already applied the patch.
No known work-arounds at this time.