Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2001-07-02 |
| Product | Isa Server | Last view | 2009-08-12 |
| Version | 2004 | Type | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.3 | 2009-08-12 | CVE-2009-1534 | Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability." |
| 9.3 | 2009-08-12 | CVE-2009-0562 | The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability." |
| 9.3 | 2009-07-15 | CVE-2009-1136 | The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability." |
| 9 | 2009-07-15 | CVE-2009-1135 | Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability." |
| 5 | 2007-09-21 | CVE-2007-4991 | The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet. |
| 10 | 2007-02-22 | CVE-2006-7027 | Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks. |
| 7.5 | 2006-07-18 | CVE-2006-3652 | Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties. |
| 7.5 | 2006-04-06 | CVE-2006-1651 | Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol. |
| 7.5 | 2005-06-14 | CVE-2005-1216 | Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter. |
| 7.5 | 2005-06-14 | CVE-2005-1215 | Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers. |
| 5 | 2005-05-31 | CVE-2005-1907 | The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic. |
| 7.5 | 2005-01-27 | CVE-2004-0892 | Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results. |
| 6.8 | 2003-08-18 | CVE-2003-0526 | Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found." |
| 5 | 2003-05-05 | CVE-2003-0110 | The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745. |
| 5 | 2003-03-24 | CVE-2003-0011 | Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled. |
| 7.5 | 2002-07-03 | CVE-2002-0371 | Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response. |
| 5 | 2001-12-31 | CVE-2001-1533 | Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE |
| 7.5 | 2001-09-20 | CVE-2001-0658 | Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message. |
| 2.1 | 2001-09-20 | CVE-2001-0547 | Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion). |
| 5 | 2001-09-20 | CVE-2001-0546 | Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data. |
| 7.5 | 2001-07-02 | CVE-2001-0239 | Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 20% (1) | CWE-399 | Resource Management Errors |
| 20% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 20% (1) | CWE-200 | Information Exposure |
| 20% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 20% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-18 | Embedding Scripts in Nonscript Elements |
| CAPEC-33 | HTTP Request Smuggling |
| CAPEC-63 | Simple Script Injection |
| CAPEC-73 | User-Controlled Filename |
| CAPEC-105 | HTTP Request Splitting |
| CAPEC-273 | HTTP Response Smuggling |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:98 | Gopher Client Buffer Overflow |
| oval:org.mitre.oval:def:406 | Microsoft Winsock Proxy Service Denial of Service |
| oval:org.mitre.oval:def:117 | Microsoft ISA Server Cross-Site Scripting |
| oval:org.mitre.oval:def:4859 | Proxy Server Reverse DNS Lookup Results Spoofing |
| oval:org.mitre.oval:def:4264 | ISA Server Reverse DNS Lookup Results Spoofing |
| oval:org.mitre.oval:def:1145 | ISA Server Poison Cache Vulnerability |
| oval:org.mitre.oval:def:468 | ISA Server NetBIOS Packet Filter Bypass Vulnerability |
| oval:org.mitre.oval:def:5649 | Radius OTP Bypass Vulnerability |
| oval:org.mitre.oval:def:5809 | Office Web Components HTML Script Vulnerability |
| oval:org.mitre.oval:def:6337 | Office Web Components Memory Allocation Vulnerability |
| oval:org.mitre.oval:def:6326 | Office Web Components Buffer Overflow Vulnerability |
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability | More info here |
| Microsoft Office Web Components OWC.Spreadsheet.9 HTMLURL property overflow | More info here |
| Microsoft Office Web Components DataSourceControl ActiveX Control memory allocation | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 56916 | Microsoft Office Web Components HTMLURL Parameter ActiveX Spreadsheet Object ... |
| 56914 | Microsoft Office Web Components OWC10 ActiveX Loading/Unloading Memory Alloca... |
| 55836 | Microsoft ISA Server 2006 Radius OTP Security Bypass |
| 55806 | Microsoft Office Web Components OWC10.Spreadsheet ActiveX msDataSourceObject(... |
| 45906 | Microsoft ISA Server SOCKS4 Proxy Empty Packet Cross Session Destination IP D... |
| 45262 | Microsoft ISA Server Host Header Log File Content Injection |
| 38488 | Microsoft ISA Server File Extension Filter Bypass |
| 33638 | Microsoft ISA Server IPv6 Filter Rule Bypass |
| 20241 | Microsoft ISA Server Fragmented UDP Saturation DoS |
| 17312 | Microsoft ISA Server NetBIOS Predefined Filter Privilege Escalation |
| 17311 | Microsoft ISA Server Cache Poisoning Restriction Bypass |
| 17031 | Microsoft ISA Server 2000 SecureNAT Traffic Saturation DoS |
| 14396 | Microsoft ISA DNS Intrusion Detection Filter DoS |
| 11579 | Microsoft ISA Server / Proxy Server Internet Content Spoofing |
| 6967 | Microsoft ISA Server 2000 UDP Packet Winsock DoS |
| 3004 | Microsoft IE Gopher Client Overflow |
| 2320 | Microsoft ISA Server HTTP Error Handler XSS |
| 2298 | Microsoft ISA Server Error Page XSS |
| 1934 | Microsoft ISA Server Invalid URL Error Message XSS |
| 1933 | Microsoft ISA Server Proxy Service Memory Leak DoS |
| 1932 | Microsoft ISA Server H.323 Memory Leak DoS |
| 1789 | Microsoft ISA Server Web Proxy DoS |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-07-18 | Name : Microsoft Office Web Components ActiveX Control Code Execution Vulnerability File : nvt/gb_ms_office_web_compnts_actvx_code_exec_vuln.nasl |
| 2009-07-15 | Name : Microsoft ISA Server Privilege Escalation Vulnerability (970953) File : nvt/secpod_ms09-031.nasl |
| 2005-11-03 | Name : Microsoft ISA Server DNS - Denial Of Service (MS03-009) File : nvt/smb_nt_ms03-009.nasl |
| 2005-11-03 | Name : ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258) File : nvt/smb_nt_ms04-039.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2009-A-0069 | Multiple Vulnerabilities in Microsoft Office Web Components Severity: Category II - VMSKEY: V0019877 |
| 2009-B-0031 | Microsoft ISA Server Elevation of Privilege Vulnerability Severity: Category II - VMSKEY: V0019760 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Office Data Source Control 10.0 ActiveX clsid unicode access RuleID : 7877 - Type : WEB-ACTIVEX - Revision : 10 |
| 2014-01-10 | Microsoft Office Data Source Control 10.0 ActiveX clsid access RuleID : 7876 - Type : BROWSER-PLUGINS - Revision : 18 |
| 2014-01-10 | Microsoft Office Spreadsheet 10.0 ActiveX clsid unicode access RuleID : 7873 - Type : WEB-ACTIVEX - Revision : 9 |
| 2014-01-10 | Microsoft Office Spreadsheet 10.0 ActiveX clsid access RuleID : 7872 - Type : BROWSER-PLUGINS - Revision : 17 |
| 2014-01-10 | Squid content length cache poisoning attempt RuleID : 3694 - Type : SERVER-WEBAPP - Revision : 14 |
| 2014-11-16 | Microsoft Office Spreadsheet 10.0 ActiveX clsid access RuleID : 31759 - Type : BROWSER-PLUGINS - Revision : 2 |
| 2014-11-16 | Microsoft Office Spreadsheet 10.0 ActiveX function call access RuleID : 31758 - Type : BROWSER-PLUGINS - Revision : 2 |
| 2014-11-16 | Microsoft Office Web Components 11 Spreadsheet ActiveX function call access RuleID : 31757 - Type : BROWSER-PLUGINS - Revision : 2 |
| 2014-11-16 | Microsoft Office Web Components 11 Spreadsheet ActiveX clsid access RuleID : 31756 - Type : BROWSER-PLUGINS - Revision : 2 |
| 2014-01-10 | ISA Server OTP-based Forms-authorization fallback policy bypass attempt RuleID : 17041 - Type : SERVER-OTHER - Revision : 8 |
| 2014-01-10 | Microsoft Office Web Components Spreadsheet ActiveX buffer overflow attempt RuleID : 16786 - Type : FILE-OFFICE - Revision : 11 |
| 2014-01-10 | Microsoft ISA Server DNS spoofing attempt RuleID : 15988 - Type : OS-WINDOWS - Revision : 6 |
| 2014-01-10 | Microsoft Office Web Components Spreadsheet ActiveX clsid unicode access RuleID : 15859 - Type : WEB-ACTIVEX - Revision : 5 |
| 2014-01-10 | Microsoft Office Web Components Spreadsheet ActiveX clsid access RuleID : 15858 - Type : BROWSER-PLUGINS - Revision : 12 |
| 2014-01-10 | Microsoft Office Spreadsheet 10.0 ActiveX function call unicode access RuleID : 15856 - Type : WEB-ACTIVEX - Revision : 5 |
| 2014-01-10 | Microsoft Office Spreadsheet 10.0 ActiveX function call access RuleID : 15855 - Type : BROWSER-PLUGINS - Revision : 10 |
| 2014-01-10 | Microsoft Office Web Components Datasource ActiveX clsid unicode access RuleID : 15853 - Type : WEB-ACTIVEX - Revision : 5 |
| 2014-01-10 | Microsoft Office Web Components Datasource ActiveX clsid access RuleID : 15852 - Type : BROWSER-PLUGINS - Revision : 10 |
| 2014-01-10 | Microsoft Office Web Components 11 Spreadsheet ActiveX function call unicode ... RuleID : 15692 - Type : WEB-ACTIVEX - Revision : 6 |
| 2014-01-10 | Microsoft Office Web Components 11 Spreadsheet ActiveX function call access RuleID : 15691 - Type : BROWSER-PLUGINS - Revision : 11 |
| 2014-01-10 | Microsoft Office Web Components 11 Spreadsheet ActiveX clsid unicode access RuleID : 15690 - Type : WEB-ACTIVEX - Revision : 6 |
| 2014-01-10 | Microsoft Office Web Components 11 Spreadsheet ActiveX clsid access RuleID : 15689 - Type : BROWSER-PLUGINS - Revision : 11 |
| 2014-01-10 | ISA Server OTP-based Forms-authorization fallback policy bypass attempt RuleID : 15683 - Type : SERVER-OTHER - Revision : 10 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2009-08-11 | Name: Arbitrary code can be executed on the remote host through Microsoft Office We... File: smb_nt_ms09-043.nasl - Type: ACT_GATHER_INFO |
| 2009-07-14 | Name: The remote Windows host contains an ActiveX control that could allow remote c... File: smb_kb_973472.nasl - Type: ACT_GATHER_INFO |
| 2009-07-14 | Name: The remote host contains an application that is affected by a privilege escal... File: smb_nt_ms09-031.nasl - Type: ACT_GATHER_INFO |
| 2005-06-14 | Name: A user can elevate his privileges. File: smb_nt_ms05-034.nasl - Type: ACT_GATHER_INFO |
| 2004-11-13 | Name: It is possible to spoof the content of the remote proxy server. File: smb_nt_ms04-039.nasl - Type: ACT_GATHER_INFO |
| 2003-04-13 | Name: It is possible to launch a denial of service attack against the remote proxy ... File: smb_nt_ms03-012.nasl - Type: ACT_GATHER_INFO |
| 2003-03-21 | Name: It is possible to launch a denial of service attack against the remote DNS ap... File: smb_nt_ms03-009.nasl - Type: ACT_GATHER_INFO |
| 2003-03-02 | Name: The HTTP proxy accepts gopher:// requests. File: proxy_gopher.nasl - Type: ACT_GATHER_INFO |
