Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

[SNS Advisory No.56] TSAC Web package/IIS 5.1 connect.asp Cross-site Scripting Vulnerability

From: snsadv () lac co jp
Date: Fri, 11 Oct 2002 14:11:24 +0900
----------------------------------------------------------------------
SNS Advisory No.56
TSAC Web package/IIS 5.1 connect.asp Cross-site Scripting Vulnerability

Problem first discovered: Wed, 17 Apr 2002
Published: Fri, 11 Oct 2002
Reference: http://www.lac.co.jp/security/english/snsadv_e/56_e.html
----------------------------------------------------------------------

Overview:
---------
  A cross-site scripting vulnerability in the ASP file has been reported
  in the TSAC Web package and Remote Desktop Web Connection, which is an
  option component of IIS 5.1. 

Description:
------------
  Microsoft Terminal Services Advanced Client (TSAC) is an ActiveX control
  that can be used to run Terminal Services sessions within Microsoft 
  Internet Explorer.  
  The TSAC Web package, which can be installed on Internet Information 
  Service 4.0 and later versions, ships with a downloadable ActiveX Control
  and sample Web pages for Internet Explorer. 
  As an option, Windows XP Professional Edition includes IIS 5.1, which
  provides the Remote Desktop Web Connection component.  This component
  is installed by default with IIS 5.1.
  A cross-site scripting vulnerability has been found in the connect.asp
  shipped with the TSAC Web package and the Remote Desktop Web Connection.
  The problem occurs due to the fact that connect.asp does not properly
  sanitize external input.  

Tested versions:
----------------
  TSAC Web package (TSWEBSETUP.EXE)
  Internet Information Services 5.1

Tested OS:
----------
  Windows 2000 Server [Japanese]
  Windows XP Professional Edition [Japanese]

Solution:
---------
  Solution is available at:
  Q327521 : MS02-046: Buffer Overrun in TSAC ActiveX Control Might Allow Code Execution
  http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q327521

Discovered by:
--------------
  ARAI Yuu  y.arai () lac co jp

Acknowledgements:
-----------------
  Thanks to:
  Microsoft Security Response Center
  Security Response Team of Microsoft Asia Limited

Disclaimer:
-----------
  All information in these advisories are subject to change without any
  advanced notices neither mutual consensus, and each of them is released
  as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences
  caused by applying those information. 

------------------------------------------------------------------
SecureNet Service(SNS) Security Advisory <snsadv () lac co jp>
Computer Security Laboratory, LAC  http://www.lac.co.jp/security/
Previous By Date Next
Previous By Thread Next

Current thread: