Check Point Advisories

Preemptive Protection against Multiple Microsoft Forefront UAG Cross-Site Scripting Vulnerabilities (MS10-089)

Check Point Reference: CPAI-2010-312
Date Published: 9 Nov 2010
Severity: High
Last Updated: Thursday 11 November, 2010
Source: Microsoft Security Bulletin MS10-089
Industry Reference: CVE-2010-2733, CVE-2010-2734, CVE-2010-3936
Protection Provided by:
Who is Vulnerable? Forefront Unified Access Gateway 2010, Forefront Unified Access Gateway 2010 Update 1, Forefront Unified Access Gateway 2010 Update 2
Vulnerability Description: Multiple cross-site scripting vulnerabilities have been reported in Microsoft Forefront Unified Access Gateway (UAG). Microsoft Forefront UAG is a virtual private networking solution that provides secure remote access to corporate networks for remote employees and business partners. It incorporates various remote access technologies such as VPN, SSL-VPN, DirectAccess, and Remote Desktop Services. A remote attacker could exploit these issues to execute a cross-site scripting attack that could allow the attacker to issue commands to the UAG server.
Update/Patch Available: Apply the patches from Microsoft Security Bulletin MS10-089.
Vulnerability Details: These vulnerabilities result from improper input validation of the HTTP stream. This error provides the ability to execute a cross-site scripting attack through the UAG mobile portal. An attacker could exploit these issues by having a user visit the affected Web site using a specially crafted URL. Successful exploitation of these vulnerabilities could allow the attacker to inject a client-side script in the user's browser.

Protection Overview
