|MS12-026||Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860)||Microsoft Forefront||Important||11-04-2012|
Brief overview of the risk:
This security update resolves two privately reported vulnerabilities in Microsoft Forefront Unified Access Gateway (UAG). The more severe of the vulnerabilities could allow information disclosure if an attacker sends a specially crafted query to the UAG server.
Detailed Information on the risk:
A spoofing vulnerability exists in Forefront Unified Access Gateway (UAG) that could lead to information disclosure. The vulnerability could allow spoofing by redirecting web traffic intended for the UAG server to a malicious website. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL to a user of a UAG server, and convince the user to click the link. When an authenticated UAG user clicks the link, the authenticated user’s browser session could be redirected to a malicious site that is designed to impersonate a legitimate UAG web interface. By doing so, the attacker could trick the user and potentially acquire sensitive information, such as the user’s credentials.
Further information on this exploit is available at: MS12-026
Affected Software:
Microsoft Forefront Unified Access Gateway 2010 Service Pack 1
Microsoft Forefront Unified Access Gateway 2010 Service Pack 1 Update 1