[SNS Advisory No.58] Microsoft IIS Local Cross-site Scripting Vulnerability

From: snsadvat_private
Date: Mon Nov 04 2002 - 19:17:02 PST


    ----------------------------------------------------------------------
    SNS Advisory No.58
    Microsoft IIS Local Cross-site Scripting Vulnerability
    
    Problem first discovered: Tue, 28 May 2002
    Published: Tue, 5 Nov 2002
    Reference: http://www.lac.co.jp/security/intelligence/SNSAdvisory/58.html
    ----------------------------------------------------------------------
    
    Overview:
    ---------
      Sample content in the administration page of Microsoft Internet 
      Information Services is prone to a cross-site scripting vulnerability.
    
    Details:
    --------
      A cross-site scripting vulnerability occurs because a specific ASP 
      file in the IISHELP virtual directory implemented with Microsoft 
      Internet Information Services (IIS) does not sanitize external input.
    
      Because the IISHELP virtual directory is restricted to local access, 
      this problem is triggered when an IIS system administrator views a 
      specially crafted HTML page containing a hyperlink, or a malicious 
      HTML-formatted mail.
    
      In this case, the HTML tag is not sanitized; it is embedded into a 
      Web page and rendered by the browser.
    
      If the page is viewed with Internet Explorer, the malicious script will 
      be executed in the "Intranet" security zone.  This makes it possible 
      to monitor sessions, copy personal data to a third-party site or run 
      certain types of local programs.
    
    Tested Versions:
    ----------------
      Microsoft Internet Information Services 5.0
    
    Tested OS:
    ----------
      Windows 2000 Server + SP3
    
    Solution:
    ---------
      Apply a patch available at:
    
      MS02-062 Cumulative Patch for Internet Information Service (Q327696)
      http://www.microsoft.com/technet/security/bulletin/ms02-062.asp
    
    Discovered by:
    --------------
      ARAI Yuu y.araiat_private
    
    Acknowledgements:
    -----------------
      Thanks to:
      Security Response Team of Microsoft Asia Limited
    
    Disclaimer:
    -----------
      All information in these advisories is subject to change without
      advance notice or mutual consent, and each advisory is released
      as is. LAC Co., Ltd. is not responsible for any risks arising from
      applying this information.
    
    ------------------------------------------------------------------
    Secure Net Service(SNS) Security Advisory <snsadvat_private>
    Computer Security Laboratory, LAC  http://www.lac.co.jp/security/
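
A detection sketch for the condition described under Details, added here as an example and not part of the SNS advisory or of any Microsoft tooling: it scans an IIS W3C extended log for requests under the IISHELP virtual directory whose query string decodes to an HTML tag. The log lines, the ASP path and the `topic` parameter are constructed, and it assumes the unsanitized input arrives in the URL query string.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample log in W3C extended format (not from a real server).
# The ASP path and the "topic" parameter are placeholders; the advisory names neither.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-11-05 01:02:03 127.0.0.1 GET /iishelp/constructed/index.asp - 200
2002-11-05 01:05:10 127.0.0.1 GET /iishelp/constructed/page.asp topic=%3Cscript%3Ex%3C/script%3E 200
2002-11-05 01:06:44 127.0.0.1 GET /IISHelp/constructed/page.asp topic=%253Cimg+src%253Dx%253E 200
2002-11-05 01:07:00 192.0.2.10 GET /default.asp id=%3Cb%3E 200
2002-11-05 01:08:30 127.0.0.1 GET /iishelp/constructed/page.asp topic=install+guide 200
"""

# An opening or closing HTML tag, comment or declaration after decoding.
MARKUP = re.compile(r"<[a-zA-Z/!]")

def fully_decode(value, rounds=3):
    """Undo up to `rounds` layers of URL encoding so double-encoded tags are seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_suspect_requests(log_text, prefix="/iishelp/"):
    """Return (date, time, uri-stem, decoded query) for IISHELP hits carrying markup."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the records that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):     # skip truncated or malformed records
            continue
        rec = dict(zip(fields, values))
        stem = rec.get("cs-uri-stem", "")
        query = fully_decode(rec.get("cs-uri-query", "-"))
        if stem.lower().startswith(prefix) and MARKUP.search(query):
            hits.append((rec.get("date", ""), rec.get("time", ""), stem, query))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG):
        print(*hit)
```

Because IISHELP is restricted to local access, a hit with a loopback client address is a request made from the server itself, which is the administrator-triggered case the advisory describes.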
    


