Computer Security
[EN] securityvulns.ru no-pyccku


Related information

  Дырка в MS DAC (Internet Publishing Provider)

From:MICROSOFT <secure_(at)_microsoft.com>
Date:19.04.2001
Subject:Security Bulletin MS01-022

- ----------------------------------------------------------------------
Title:      WebDAV Service Provider Can Allow Scripts to Levy
           Requests as User
Date:       18 April 2001
Software:   Microsoft Data Access Component Internet Publishing
           Provider
Impact:     Web-based script could levy WebDAV requests on the user's
           behalf.
Bulletin:   MS01-022

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-022.asp.
- ----------------------------------------------------------------------

Issue:
======
The Microsoft Data Access Component Internet Publishing Provider
provides access to WebDAV resources over the Internet. By design, it
should differentiate between requests made by a user and those made
by
a script running in the user's browser. However, because of an
implementation flaw, it handles all requests in the security context
of
the user. As a result, if a user browsed to a web page or opened an
HTML e-mail that contained script, that script could access web-based
resources as the user.

The specific actions an attacker could take via this vulnerability
would depend on the Web-based resources available to the user, and
the
user's privileges on them. However, it is likely that at a minimum,
the
attacker could browse the user's intranet, and potentially access
web-based e-mail as well.

Mitigating Factors:
====================
- The attacker would need to possess significant inside information
in
  order to carry out a successful attack, such as server names,
folder
  structures, and other user- and network-specific information. This
  vulnerability would therefore be most likely used as part of an
  insider attack.
- The vulnerability could not be exploited against stand-alone
  machines.
- The vulnerability could not be exploited if Active Scripting was
  disabled in the Security Zone the script opened in.

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
  Security Bulletin
  http://www.microsoft.com/technet/security/bulletin/ms01-022.asp
  for information on obtaining this patch.

- ---------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
SHALL
MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
LOSS
OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY
NOT
APPLY.

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod