<< Back
CVE Number Vulnerability Product Severity Date
MS10-089 Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074) Forefront Unified Critical 10-11-2010

Technical Information

Brief overview of the risk:
This security update resolves four privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow elevation of privilege if a user visits an affected Web site using a specially crafted URL.
Detailed Information on the risk:

A spoofing vulnerability exists in Forefront Unified Access Gateway (UAG). The vulnerability could allow spoofing or redirecting of traffic intended for the UAG server if a UAG user clicks a specially crafted link. An attacker could send a specially crafted URL to a user of the UAG server to redirect Web traffic to a malicious site with content similar to the original Web site.


Further information on this exploit is available at : MS10-089

Affected Software

Forefront Unified Access Gateway 2010
Forefront Unified Access Gateway 2010 Update 1
Forefront Unified Access Gateway 2010 Update 2