<< Back
CVE Number Vulnerability Product Severity Date
MS11-079 Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641) Microsoft Forefront Important 12-10-2011

Technical Information

Brief overview of the risk:
This security update resolves five privately reported vulnerabilities in Microsoft Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow remote code execution if a user visits an affected Web site using a specially crafted URL.
Detailed Information on the risk:

An HTTP response splitting vulnerability exists in Microsoft Forefront Unified Access Gateway (UAG) server where JavaScript can be injected back to the user in the resulting page, effectively allowing attacker-controlled JavaScript to run in the context of the user clicking the link.


Further information on this exploit is available at : MS11-079

Affected Software

Microsoft Forefront Unified Access Gateway 2010
Microsoft Forefront Unified Access Gateway 2010 Update 1
Microsoft Forefront Unified Access Gateway 2010 Update 2
Microsoft Forefront Unified Access Gateway 2010 Service Pack 1