Summary
This host is missing a critical security update according to Microsoft Bulletin MS09-016.
Impact
Exploitation could allow remote user's to cause a web listener to stop responding to new requests and can also conduct cross site attacks.
Impact Level: System/Network.
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms09-016.mspx
Insight
- Pop error in the firewall engine when handling the session state for Web proxy or Web publishing listeners.
- An input validation error in the HTML forms authentication component (cookieauth.dll).
Affected
Microsoft Internet Security and Acceleration Server 2004 (Ent and Std).
Microsoft Internet Security and Acceleration Server 2006 and with SP1.
Microsoft Internet Security and Acceleration Server 2006 with Update
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-0077, CVE-2009-0237 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Microsoft SharePoint Foundation HTML Sanitisation Component XSS Vulnerability (2821818)
- Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability (2754849)
- Microsoft Products HTML Sanitisation Component XSS Vulnerability (2741517)
- Microsoft SharePoint Server HTML Sanitisation Component XSS Vulnerability (2821818)
- Microsoft Office Security Feature Bypass Vulnerability (3033857)