Summary
The ISA Server 2000 and Proxy Server 2.0 have been found to be vulnerable to a spoofing vulnerability that could enable an attacker to spoof trusted Internet content. Users could believe they are accessing trusted Internet content when in reality they are accessing malicious Internet content, for example a malicious Web site. However, an attacker would first have to persuade a user to visit the attacker's to attempt to exploit this vulnerability.
See http://www.microsoft.com/technet/security/bulletin/ms04-039.mspx
Severity
Classification
-
CVE CVE-2004-0892 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Embedded OpenType Font Engine Remote Code Execution Vulnerability (982132)
- Microsoft .NET Framework Multiple Vulnerabilities (2916607)
- Microsoft .NET Framework Authentication Bypass and Spoofing Vulnerabilities (2836440)
- Microsoft Foundation Class (MFC) Library Remote Code Execution Vulnerability (2500212)
- Checks for MS HOTFIX for snmp buffer overruns