Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: Windows : Microsoft Bulletins --> Category: infos

FrontPage fpadmdll.dll Cross-Site Scripting Vulnerabilities Vulnerability Scan


Vulnerability Scan Summary
Checks version of FrontPage's fpadmdll.dll

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a server extension that is affected by
several cross-site scripting flaws.

Description :

The version of Microsoft FrontPage Server Extensions 2002 / SharePoint
Team Services on the remote host fails to sanitize user-supplied input
to the 'operation', 'command', and 'name' parameters of
'/_vti_bin/_vti_adm/fpadmdll.dll' before using it to generate dynamic
HTML. An attacker may be able to exploit this issue to cause
arbitrary HTML and script code to be executed by a user's browser in
the context of the affected web site. If the user is an
administrator, successful exploitation will give the attacker complete
control over the affected application.

Solution :

Microsoft has released a set of patches for FrontPage 2002 for XP and
2003:

http://www.microsoft.com/technet/security/bulletin/ms06-017.mspx

Threat Level:

High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)


VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051
