Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » [SNS Advisory No.56] TSAC Web package/IIS 5.1 connect.asp Cross-site Scripting V

[SNS Advisory No.56] TSAC Web package/IIS 5.1 connect.asp Cross-site Scripting V

by Nikola Strahija on October 12th, 2002 A cross-site scripting vulnerability in the ASP file has been reported in the TSAC Web package and Remote Desktop Web Connection, which is an option component of IIS 5.1.


Description:
------------
Microsoft Terminal Services Advanced Client (TSAC) is an ActiveX control
that can be used to run Terminal Services sessions within Microsoft
Internet Explorer.
The TSAC Web package, which can be installed on Internet Information
Service 4.0 and later versions, ships with a downloadable ActiveX Control
and sample Web pages for Internet Explorer.
As an option, Windows XP Professional Edition includes IIS 5.1, which
provides the Remote Desktop Web Connection component. This component
is installed by default with IIS 5.1.
A cross-site scripting vulnerability has been found in the connect.asp
shipped with the TSAC Web package and the Remote Desktop Web Connection.
The problem occurs due to the fact that connect.asp does not properly
sanitize external input.

Tested versions:
----------------
TSAC Web package (TSWEBSETUP.EXE)
Internet Information Services 5.1

Tested OS:
----------
Windows 2000 Server [Japanese]
Windows XP Professional Edition [Japanese]

Solution:
---------
Solution is available at:
Q327521 : MS02-046: Buffer Overrun in TSAC ActiveX Control Might Allow Code Execution
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q327521

Discovered by:
--------------
ARAI Yuu [email protected]

Acknowledgements:
-----------------
Thanks to:
Microsoft Security Response Center
Security Response Team of Microsoft Asia Limited

Disclaimer:
-----------
All information in these advisories are subject to change without any
advanced notices neither mutual consensus, and each of them is released
as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences
caused by applying those information.

------------------------------------------------------------------
SecureNet Service(SNS) Security Advisory
Computer Security Laboratory, LAC http://www.lac.co.jp/security/


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »