Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0015

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2006-0015
Last Modified 07 Mar 2011 09:29:10
Published 11 Apr 2006 07:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0015

Summary

Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.

Vulnerable Systems

Application

  • Microsoft Frontpage Server Extensions 2002

  • Microsoft Sharepoint Team Services


References

BID - 17452

MS - MS06-017

MISC - http://www.argeniss.com/research/ARGENISS-ADV-040602.txt

SECTRACK - 1015896

SECTRACK - 1015895

SECUNIA - 19623

VUPEN - ADV-2006-1322

BUGTRAQ - 20060412 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting

XF - fpse-html-xss(25537)

SREASON - 704


Last Updated: 27 May 2016 10:41:29