Symantec product detections for Microsoft monthly Security Advisories - April 2009

Article:TECH138062  |  Created: 2010-08-19  |  Updated: 2013-01-09  |  Article URL http://www.symantec.com/docs/TECH138062
Article Type
Technical Solution


Issue



This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

 

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



April 14, 2009

 

ID and Rating

 

Description

Details

Intrusion Protection System (IPS) Response

Other Detections

CAN/CVE ID:

CVE-2009-0238

 

BID:

33870

 

Microsoft ID:

MS09-009

 

MSKB:

968557

 

Microsoft Rating:

Critical

Microsoft Excel Invalid Object Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 Microsoft Office Excel 2000 SP3

Microsoft Office Excel 2002 SP3

Microsoft Office Excel 2003 SP3

Microsoft Office Excel 2007 SP1

 Microsoft Office for Mac

Microsoft Office 2004 for Mac

Microsoft Office 2008 for Mac

Microsoft Office Excel Viewer 2003 SP3

Microsoft Office Excel Viewer

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

A previously disclosed (Feb. 23, 2009) remote code-execution vulnerability affects Excel when handling an invalid object in a specially crafted Excel file.

An attacker can exploit this issue by tricking a victim into opening a malicious file with an affected application.

Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

Bloodhound.Exploit.226

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0100

 

BID:

34413

 

Microsoft ID:

MS09-009

 

MSKB:

968557

 

Microsoft Rating:

Critical

Excel Memory Corruption  Vulnerability  

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office Excel 2000 SP3

 Microsoft Office Excel 2002 SP3

 Microsoft Office Excel 2003 SP3

 Microsoft Office Excel 2007 SP1

 Microsoft Office for Mac, Microsoft Office 2004 for Mac

 Microsoft Office 2008 for Mac

 Microsoft Office Excel Viewer

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

A remote code-execution vulnerability affects Excel when handling a specially crafted Excel file.

An attacker can exploit this issue by tricking a victim into opening a malicious file with an affected application.

Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

Bloodhound.Exploit.234

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0087 

 

BID:

29769

 

Microsoft ID:

MS09-010

 

MSKB:

960477

 

Microsoft Rating:

Critical

Microsoft Word Bulleted List Handling Remote Memory Corruption Vulnerability 

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Professional x64 Edition, Windows XP Professional x64 Edition SP2

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64 Edition, Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems

Microsoft Office Word 2000 SP3, and Microsoft Office Word 2002 SP3

A previously disclosed (June 17, 2008) remote code-execution vulnerability affects the WordPad and Office text converters.

 An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID:

N/A

 

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0088

 

BID:

34469

 

Microsoft ID:

MS09-010

 

MSKB:

960477

 

Microsoft Rating:

Critical

Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office Word 2000 SP3

A remote code-execution vulnerability affects the WordPerfect 6.x converter of Microsoft Word 2000.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious WordPerfect file with Word

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0084

 

BID:

34460

 

Microsoft ID:

MS09-011

 

MSKB:

961373

 

Microsoft Rating:

Critical

Microsoft Directshow MJPEG Decompression Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

DirectX 8.1 and 9.0

A remote code execution vulnerability affects DirectShow when handling a specially crafted compressed ‘MJPEG’ file.

 An attacker can exploit this issue by tricking a victim into viewing a specially crafted streaming video file.

Successful exploits will result in the execution of arbitrary code in the context of the currently logged-in user.

Sig ID:

N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0550

 

BID:

33439

 

Microsoft ID:

MS09-013

 

MSKB:

960803

 

Microsoft Rating:

Critical

 

Windows HTTP Services Credential Reflection Vulnerability 

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Professional x64 Edition,Windows XP Professional x64 Edition SP2

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64 Edition, Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems

 Windows Vista, Windows Vista SP1, Windows Vista x64 Edition, Windows Vista x64 Edition SP1

Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems

This is a remote code-execution vulnerability that  affects Windows HTTP service (WinHTTP API) because the service does not properly handle NTLM credentials.

 This issue is similar to the vulnerability discussed in BID 7385 (Microsoft Windows SMB Credential Reflection Vulnerability).

 An attacker that can trick a victim into visiting a malicious server with an application using the affected API, can reflect the victim’s credentials back, and potentially gain access to the victim’s computer.

 

Note: This issue is also being addressed in MS09-014 Cumulative Security Update for Internet Explorer (963027)

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0086

 

BID:

34435

 

Microsoft ID:

MS09-013

 

MSKB:

960803

 

Microsoft Rating:

Critical

Windows HTTP Services Integer Underflow Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Windows 2000 SP4

 Windows XP SP2 and SP3

Windows XP Professional x64 Edition

Windows XP Professional x64 Edition SP2

 Windows Server 2003 SP1 and SP2

 Windows Server 2003 x64 Edition

 Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems

Windows Vista, Windows Vista SP1

 Windows Vista x64 Edition

Windows Vista x64 Edition SP1

Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems

A remote code execution vulnerability affects Windows HTTP services (WinHTTP API) due to how it handles certain parameters returned from a remote Web server.

An attacker must get an application using the affected API to connect to an attacker-controlled server to exploit this issue.

This may be accomplished through social engineering, or through other attacks.

Successful exploits will result in the execution of attacker-supplied code in the context of the application using the API.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0554

 

BID:

34436

 

Microsoft ID:

MS09-014

 

MSKB:

963027

 

Microsoft Rating:

Critical

Uninitialized Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Internet Explorer 5.01 SP4, 6, 6 SP1, and 7

A remote code-execution vulnerability affects Internet Explorer when handling an object that has not been properly initialized or deleted.

An attacker can exploit this issue by tricking a victim into viewing a web page containing malicious content.

Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: 23327

 

Detected as "HTTP MSIE Marquee Code Exec"

 

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0553

 

BID:

34424

 

Microsoft ID:

MS09-014

 

MSKB:

963027

 

Microsoft Rating:

Critical

Uninitialized Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Internet Explorer 5.01 SP4, 6, 6 SP1, and 7

A remote code-execution vulnerability affects Internet Explorer when handling an object that has not been properly initialized or deleted.

An attacker can exploit this issue by tricking a victim into viewing a web page containing malicious content.

Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0552

 

BID:

34423

 

Microsoft ID:

MS09-014

 

MSKB:

963027

 

Microsoft Rating:

Critical

Uninitialized Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Internet Explorer 5.01 SP4, 6, and 6 SP1

A remote code-execution vulnerability affects Internet Explorer when handling an object that has not been properly initialized or deleted.

An attacker can exploit this issue by tricking a victim into viewing a web page containing malicious content.

Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0551

 

BID:

34438

 

Microsoft ID:

MS09-014

 

MSKB:

963027

 

Microsoft Rating:

Critical

Page Transition Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Internet Explorer 5.01 SP4, 6, 6 SP1, and 7

A remote code-execution vulnerability affects Internet Explorer when handling transitions between web pages.

 An attacker can exploit this issue by tricking a victim into viewing a web page containing malicious content.

Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-4841

 

BID:

32718

 

Microsoft ID:

MS09-010

 

MSKB:

960477

 

Microsoft Rating:

Important

Microsoft WordPad Text Converter Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Windows 2000 SP4

 Windows XP SP2

, Windows XP Professional x64 Edition

Windows XP Professional x64 Edition SP2

 Windows Server 2003 SP1 and SP2

, Windows Server 2003 x64 Edition

 Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems

 

A previously disclosed (December 9, 2008) remote code-execution vulnerability affects the WordPad text converter when processing a file with a malformed list structure.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0235

 

BID:

34470

 

Microsoft ID:

MS09-010

 

MSKB:

960477

 

Microsoft Rating:

Important

WordPad Word 97 Text Converter Stack Overflow Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Windows 2000 SP4

 Windows XP SP2 and SP3

Windows XP Professional x64 Edition, Windows XP Professional x64 Edition SP2

Windows Server 2003 SP1 and SP2

, Windows Server 2003 x64 Edition

 Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems.

A remote code-execution vulnerability affects the WordPad text converter.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious Word file with WordPad.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

 

AV:

Bloodhound.Exploit.232

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0080

 

BID:

34444

 

Microsoft ID:

MS09-012

 

MSKB:

959454

 

Microsoft Rating:

Important

Windows Thread Pool ACL Weakness Vulnerability

 

Local Elevation of Privilege Vulnerability

 

This vulnerability affects the following products:

Windows Vista

Windows Vista SP1

 Windows Vista x64 Edition

Windows Vista x64 Edition SP1

Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems.

A local privilege-escalation vulnerability affects Windows ThreadPool because it places incorrect access control lists (ACLs) on threads.

A local attacker can exploit this issue to execute arbitrary code with 'LocalSystem' privileges.

A successful exploit will result in a complete compromise of an affected computer.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0079

 

BID:

34443

 

Microsoft ID:

MS09-012

 

MSKB:

34443

 

Microsoft Rating:

Important

Windows RPCSS Service Isolation Vulnerability

 

Local Elevation of Privilege Vulnerability

 

This vulnerability affects the following products:

Windows XP SP2 and SP3

Windows XP Professional x64 Edition

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64 Edition

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems.   

A local privilege-escalation vulnerability affects the RPCSS service because it fails to properly isolate processes that run under the 'NetworkService' and 'LocalService' accounts.

An attacker can exploit this issue by running code with ‘NetworkService’ or ‘LocalService’ privileges, to access other processes with the ability to elevate their privileges, to ultimately execute code with ‘LocalSystem’ privileges.

A successful exploit will result in a complete compromise of an affected computer.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0078

 

BID:

34442

 

Microsoft ID:

MS09-012

 

MSKB:

959454

 

Microsoft Rating:

Important

 

Windows WMI Service Isolation Vulnerability

 

Local Elevation of Privilege Vulnerability

 

This vulnerability affects the following products:

Windows XP SP2 and SP3

Windows XP Professional x64 Edition

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64 Edition

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems

Windows Vista

Windows Vista SP1

Windows Vista x64 Edition

Windows Vista x64 Edition SP1

Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems.

A local privilege-escalation vulnerability affects Windows Management Instrumentation (WMI) because it fails to properly isolate processes that run under the 'NetworkService' and 'LocalService' accounts.

A local attacker with 'NetworkService' or 'LocalService' account access may be able to exploit this issue to gain access to 'SYSTEM' tokens in WMI.

A successful exploit will result in a complete compromise of an affected computer.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-1436

 

BID:

28833

 

Microsoft ID:

MS09-012

 

MSKB:

959454

 

Microsoft Rating:

Important

Microsoft Windows SeImpersonatePrivilege Local Privilege Escalation Vulnerability

 

Local Elevation of Privilege Vulnerability

 

This vulnerability affects the following products:

Windows 2000 SP4, Windows XP SP2 and SP3

 Windows XP Professional x64 Edition\Windows XP Professional x64 Edition SP2

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64 Edition

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems

Windows Vista

Windows Vista SP1

Windows Vista x64 Edition

Windows Vista x64 Edition SP1

Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems

A previously disclosed (Apr 17, 2008) local privilege-escalation vulnerability affects Microsoft Distributed Transaction Coordinator (MSDTC) transaction facility.

The problem occurs because the service leaves a 'NetworkService' token that can be impersonated by other processes calls into it.

Specifically, a process with 'SeImpersonatePrivilege' can elevate its privileges to the 'NetworkService' account and execute arbitrary code with the elevated privileges.

Successful attacks could aid in the complete compromise of affected computers.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0089

 

BID:

34437

 

Microsoft ID:

MS09-013

 

MSKB:

960803

 

Microsoft Rating:

Important

HTTP Services Certificate Name Mismatch Vulnerability

 

Spoofing Vulnerability

 

This vulnerability affects the following products:

Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Professional x64 Edition, Windows XP Professional x64 Edition SP2

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64 Edition

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems

Windows Vista

Windows Vista SP1

Windows Vista x64 Edition

Windows Vista x64 Edition SP1

Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems

A spoofing vulnerability affects Windows HTTP services (WinHTTP API) because it fails to properly validate the fully qualified domain name of the URL against the certificate of the final destination site.

An attacker that can redirect traffic to an alternate site (through DNS poisoning, or other means) can exploit this issue to impersonate the intended site without the knowledge of the victim.

Successful exploits will aid in phishing style attacks; other attacks are also possible.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0550

 

BID:

34439

 

Microsoft ID:

MS09-014

 

MSKB:

963027

 

Microsoft Rating:

Important

WinINet Remote Code Execution vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Internet Explorer 5.01 SP4, 6, 6 SP1, and 7

A remote code-execution vulnerability affects the WinINet component of Internet Explorer because the service does not correctly handle NTLM credentials.

This issue is similar to the vulnerability discussed in BID 7385 (Microsoft Windows SMB Credential Reflection Vulnerability).

An attacker that can trick a victim into visiting a malicious website, can reflect the victim’s credentials back, and potentially gain access to the victim’s computer.

 

Note: This issue is also being addressed in MS09-013 Vulnerabilities in Windows HTTP services could allow Remote Code Execution (960803)

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0077

 

BID:

34414

 

Microsoft ID:

MS09-016

 

MSKB:

961759

 

Microsoft Rating:

Important

Web Proxy TCP State Limited Denial of Service

 

Denial of Service Vulnerability

 

This vulnerability affects the following products:

Microsoft Internet Security and Acceleration Server 2004 Standard SP3

Microsoft Internet Security and Acceleration Server 2004 Enterprise SP3

Microsoft Internet Security and Acceleration Server 2006 Standard Supportability Update

Microsoft Internet Security and Acceleration Server  2006 Standard SP1

Microsoft Internet Security and Acceleration Server  2006 Enterprise

Microsoft Internet Security and Acceleration Server  2006 Enterprise SP1

Microsoft Forefront Threat Management Gateway Medium Business Edition

 

A remote denial-of-service vulnerability affects Microsoft ISA Server and Forefront Threat Management Gateway due to how they handle the TCP state for web proxy listeners.

Specifically, the state management does not properly handle session state correctly resulting in multiple orphaned sessions.

An attacker can exploit this issue by sending specially crafted network data to an affected server.

Successful exploits will cause the service to become unresponsive.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-2540

 

BID:

29445

 

Microsoft ID:

MS09-014

 

MSKB:

963027

 

Microsoft Rating:

Moderate

Blended Threat Remote Code Execution Vulnerability

 

Elevation of Privilege Vulnerability

 

This vulnerability affects the following products:

Windows 2000 SP4

 Windows XP SP2 and SP3, Windows XP Professional x64 Edition

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64 Edition

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems

Windows Vista

Windows Vista SP1

Windows Vista x64 Edition

Windows Vista x64 Edition SP1

Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

 

Note: Microsoft is also addressing this issue in MS-KB-959426.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-2540

 

BID:

29445

 

Microsoft ID:

MS09-015

 

MSKB:

959426

 

Microsoft Rating:

Moderate

Apple Safari and Microsoft Windows Client-side Code Execution Vulnerability 

 

Elevation of Privilege Vulnerability

 

This vulnerability affects the following products:

Windows 2000 SP4

 Windows XP SP2 and SP3, Windows XP Professional x64 Edition

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64 Edition

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems

Windows Vista

Windows Vista SP1

Windows Vista x64 Edition

Windows Vista x64 Edition SP1

Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

 

Note: Microsoft is addressing this issue in the cumulative update for Internet Explorer as well.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0237

 

BID:

34416

 

Microsoft ID:

MS09-016

 

MSKB:

961759

 

Microsoft Rating:

Moderate

Cross Site Scripting Vulnerability

 

Scripting Vulnerability

 

This vulnerability affects the following products:

Microsoft Internet Security and Acceleration Server 2006 Standard Supportability Update

 Microsoft Internet Security and Acceleration Server         2006 Standard SP1

Microsoft Internet Security and Acceleration Server 2006 Enterprise

Microsoft Internet Security and Acceleration Server

Microsoft Internet Security and Acceleration Server 2006 Enterprise SP1

Microsoft Forefront Threat Management Gateway Medium Business Edition

A cross-site scripting vulnerability affects ISA Server and Forefront Threat Management Gateway because they fail to properly validate user-supplied input to the ‘cookieauth.dll’ component.

 An attacker can exploit this issue by tricking a unsuspecting victim into following a malicious URL.

Successful exploits will result in the execution of arbitrary script code in the context of the affected site.

Sig ID: 23324

 

Detected as "HTTP MS ISA Server XSS"

 

Applicability:

NIS/NAV 2008/2009 (SU156)

NIS/NAV Pre 2008 (SU190)

SCS (SU198) SEP (SU100)

SNS (SU108)

SGS (SU72)   

AV:

N/A

 

Sygate IDS:

N/A

 

 




Legacy ID



2007010813564748


Article URL http://www.symantec.com/docs/TECH138062


Terms of use for this information are found in Legal Notices