Severity: High
10 April, 2007
Summary:
Today, Microsoft released a security bulletin describing two vulnerabilities that affect Microsoft Content Management Server 2001 and 2002. By sending a specially crafted HTTP request, an attacker could exploit the worst of these vulnerabilities to gain complete control of your Content Management Server. If you manage a Content Management Server, you should download, test, and install Microsoft’s corresponding patch immediately.
Exposure:
The Microsoft Content Management Server (MCMS) helps you build, deploy, and maintain Web sites.
In a security bulletin released today as part of their monthly patch update, Microsoft describes two vulnerabilities that affect MCMS 2001 and 2002. The worst flaw involves MCMS’s inability to handle unexpected characters in an HTTP request, which results in a memory corruption. A skilled attacker can take advantage of this memory corruption to inject and execute malicious code. By sending a specially crafted HTTP request, an attacker could exploit this flaw to gain complete control of your MCMS.
Severity: High
10 April, 2007
Summary:
Today, Microsoft released a security bulletin describing two vulnerabilities that affect Microsoft Content Management Server 2001 and 2002. By sending a specially crafted HTTP request, an attacker could exploit the worst of these vulnerabilities to gain complete control of your Content Management Server. If you manage a Content Management Server, you should download, test, and install Microsoft’s corresponding patch immediately.
Exposure:
The Microsoft Content Management Server (MCMS) helps you build, deploy, and maintain Web sites.
In a security bulletin released today as part of their monthly patch update, Microsoft describes two vulnerabilities that affect MCMS 2001 and 2002. The worst flaw involves MCMS’s inability to handle unexpected characters in an HTTP request, which results in a memory corruption. A skilled attacker can take advantage of this memory corruption to inject and execute malicious code. By sending a specially crafted HTTP request, an attacker could exploit this flaw to gain complete control of your MCMS.
MCMS also suffers from a less severe Cross-Site Scripting (XSS) vulnerability, which you can learn more about in Microsoft’s bulletin. However, the previously described remote code vulnerability alone should convince you to install Microsoft’s MCMS patch immediately.
Solution Path:
Microsoft has released patches that correct this flaw. Microsoft Content Management Server (MCMS) administrators should download, test, and install the appropriate patch as soon as possible.
Status:
Microsoft has released patches that fix this issue.
References:
Microsoft Security Bulletin MS07-018