Summary
The ISA Server 2000 and Proxy Server 2.0 have been found to be vulnerable to a spoofing vulnerability that could enable an attacker to spoof trusted Internet content. Users could believe they are accessing trusted Internet content when in reality they are accessing malicious Internet content, for example a malicious Web site. However, an attacker would first have to persuade a user to visit the attacker's to attempt to exploit this vulnerability.
See http://www.microsoft.com/technet/security/bulletin/ms04-039.mspx
Severity
Classification
-
CVE CVE-2004-0892 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Microsoft Active Directory LDAP Remote Code Execution Vulnerability (969805)
- Consent User Interface Privilege Escalation Vulnerability (2442962)
- Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2604930)
- Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)
- Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)