2006-04-12 11:00 Age: 6 yrs

[Microsoft Alert] Microsoft Security Bulletin MS06-017

Vulnerability in Microsoft FrontPage Server Extensions Could

Allow Cross-Site Scripting (917627)

Issued: April 11, 2006

Version: 1.0

 

Summary

Who should read this document: Customers who use Microsoft

FrontPage Server Extensions 2002 or Microsoft SharePoint Team

Services

 

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Moderate

Recommendation: Customers should consider applying the security

update.

Security Update Replacement: This bulletin replaces several prior

security updates. See the frequently asked questions (FAQ) section of

this bulletin for the complete list.

 

Vulnerability Details:

The cross-site scripting vulnerability could allow an attacker to run

client-side script on behalf of an FPSE user. The script could spoof

content, disclose information, or take any action that the user could

take on the affected web site. Attempts to exploit this vulnerability

require user interaction. An attacker who successfully exploited this

vulnerability against an administrator could take complete control of a

Front Page Server Extensions 2002 server.

 

 

 

 

Affected Software:

Microsoft FrontPage Server Extensions 2002 shipped on Microsoft

Windows Server 2003 and Microsoft Windows Server 2003 Service

Pack 1

Microsoft FrontPage Server Extensions 2002 shipped on Microsoft

Windows Server 2003 for Itanium-based Systems and Microsoft

Windows Server 2003 with SP1 for Itanium-based Systems

Microsoft FrontPage Server Extensions 2002 (x64 Edition) downloaded

and installed on Microsoft Windows Server 2003 x64 Edition and

Microsoft Windows XP Professional x64 Edition

Microsoft FrontPage Server Extensions 2002 (x86 Editions)

downloaded and installed on Microsoft Windows Server 2000 Service

Pack 4, Microsoft Windows XP Service Pack 1, and Microsoft Windows

XP Service Pack 2

Microsoft SharePoint Team Services

 

 

 

Non-Affected Software:

Microsoft Windows SharePoint Services

Microsoft FrontPage 2002

Microsoft FrontPage Server Extensions 2000

Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE),

and Microsoft Windows Millennium Edition (ME)

 

 

 

References: http://www.microsoft.com/security/bulletins/current.mspx (Microsoft Security Updates)

<- Back to: Security Alert Listing





2009-08-14 14:35

TA09-223A: Microsoft Updates for Multiple Vulnerabilities

2009-08-14 14:35

TA09-218A: Apple Updates for Multiple Vulnerabilities

2009-08-14 14:35

TA09-209A: Microsoft Windows, Internet Explorer, and Active Template Library (ATL) Vulnerabilities

2009-08-14 14:35

TA09-204A: Adobe Flash Vulnerability Affects Flash Player and Other Adobe Products

2009-08-14 14:35

TA09-195A: Microsoft Updates for Multiple Vulnerabilities

2009-07-13 10:42

TA09-187A: Microsoft Video ActiveX Control Vulnerability

2009-07-13 10:42

TA09-160A: Microsoft Updates for Multiple Vulnerabilities

2009-07-13 10:42

TA09-161A: Adobe Acrobat and Reader Vulnerabilities

2009-07-13 10:42

TA09-133B: Adobe Reader and Acrobat JavaScript Vulnerabilities

2009-07-13 10:42

TA09-133A: Apple Updates for Multiple Vulnerabilities

  |    |