CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS11-079 | Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641) | Microsoft Forefront | Important | 12-10-2011 |
Technical Information
Brief overview of the risk:
This security update resolves five privately reported vulnerabilities in Microsoft Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow remote code execution if a user visits an affected Web site using a specially crafted URL.
Detailed Information on the risk:
An HTTP response splitting vulnerability exists in Microsoft Forefront Unified Access Gateway (UAG) server where JavaScript can be injected back to the user in the resulting page, effectively allowing attacker-controlled JavaScript to run in the context of the user clicking the link.
Further information on this exploit is available at: MS11-079
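The class of bug described above, shown as an added illustration that is not taken from the bulletin or from UAG's code: a value from the URL is copied into a response header, and an encoded CR/LF pair ends the header block early so the rest is read as page body. The function names, the `/portal` path and the `X-Injected` marker are constructed for this example.

```python
"""Generic HTTP response splitting illustration (added example, not UAG code)."""
from urllib.parse import unquote

CRLF = "\r\n"

# Constructed sample: encoded CR/LF pairs followed by a harmless marker body.
SAMPLE = "/portal%0d%0aX-Injected:%201%0d%0a%0d%0aINJECTED-BODY"


def _response(location: str) -> bytes:
    head = (f"HTTP/1.1 302 Found{CRLF}"
            f"Location: {location}{CRLF}"
            f"Content-Length: 0{CRLF}{CRLF}")
    return head.encode("utf-8")


def build_redirect_naive(target: str) -> bytes:
    # Vulnerable pattern: decoded request data goes into the header unchecked.
    return _response(unquote(target))


def build_redirect_safe(target: str) -> bytes:
    # Hardened pattern: decode first, then refuse any control character,
    # so a CR or LF can never terminate the header line.
    value = unquote(target)
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        raise ValueError("control character in header value")
    return _response(value)


def parse_head(raw: bytes):
    """Read the response as a client does: headers end at the first blank line."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")[1:]  # skip the status line
    names = [ln.split(b":", 1)[0].strip().decode().lower() for ln in lines]
    return names, body


if __name__ == "__main__":
    names, body = parse_head(build_redirect_naive(SAMPLE))
    print("naive headers:", names)
    print("naive body   :", body)
    try:
        build_redirect_safe(SAMPLE)
    except ValueError as exc:
        print("safe builder rejected input:", exc)
```

In the naive output the server's own `Content-Length` header ends up inside the body, which is the sign that the attacker-supplied bytes, not the server, decided where the headers stop.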
Affected Software
Microsoft Forefront Unified Access Gateway 2010
Microsoft Forefront Unified Access Gateway 2010 Update 1
Microsoft Forefront Unified Access Gateway 2010 Update 2
Microsoft Forefront Unified Access Gateway 2010 Service Pack 1