Public exploits available
On this page
A remote code execution vulnerability exists in Content Management Server because of the way that it handles a specially crafted HTTP request. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker who successfully exploited this vulnerability could take complete control of the affected system.
Technical details (analysis)
Microsoft Content Management Server (MCMS) enables customers to build, deploy, and maintain Web sites. Using MCMS, customers can create, publish and manage Web content, as well as managing the server resources that are available to the site. A remote code execution vulnerability results from the way that the Microsoft Content Management Server handles unexpected characters in an HTTP request. An attacker could try to exploit the vulnerability by constructing a specially crafted URL and sending an HTTP GET request to a CMS system.
Microsoft Content Management Server 2001 Service Pack 1
Microsoft Content Management Server 2002 Service Pack 2
All applications not on the affected list.
Release Date: 2007-04-10T00:00:00
Known false positives
No known false positives at this time.
We have not identified any workarounds for this vulnerability.