Check Point Advisories

Preemptive Protection against Microsoft Internet Information Services Cross-Site Scripting Vulnerability (MS08-006)

Check Point Reference: CPAI-2008-031
Date Published: 12 Feb 2008
Severity: High
Last Updated: Tuesday 01 January, 2008
Source: Microsoft Security Bulletin MS08-006
Industry Reference: CVE-2008-0075
Protection Provided by:
Who is Vulnerable?
Microsoft Internet Information Services (IIS) 6.0
Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP2
Vulnerability Description: A cross-site scripting (XSS) vulnerability exists in Microsoft Internet Information Services (IIS). IIS is a popular set of Internet-based services for Microsoft Windows servers. Successful exploitation of this vulnerability could result in execution of arbitrary code on the IIS server.
Update/Patch Available: Apply patches:
Microsoft Security Bulletin MS08-006
Vulnerability Details: The vulnerability is due to incorrect encoding of HTML content using the IIS ASP HTMLEncode function. A remote attacker may exploit this issue by uploading a specially crafted ASP page to the target IIS server and then requesting it. Successful exploitation of this issue may result in information disclosure, and may allow the attacker to run arbitrary code on the vulnerable system.

Protection Overview
