VYPR

Internet Security And Acceleration Server

by Microsoft

CVEs (13)

  • CVE-2009-0077Apr 15, 2009
    risk 0.06cvss epss 0.79

    The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners,…

  • CVE-2003-0526Aug 18, 2003
    risk 0.05cvss epss 0.22

    Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages…

  • CVE-2003-0819Feb 17, 2004
    risk 0.03cvss epss 0.41

    Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225…

  • CVE-2009-2496Aug 12, 2009
    risk 0.02cvss epss 0.29

    Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and…

  • CVE-2009-0562Aug 12, 2009
    risk 0.02cvss epss 0.26

    The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and…

  • CVE-2009-1135Jul 15, 2009
    risk 0.02cvss epss 0.26

    Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving…

  • CVE-2009-0237Apr 15, 2009
    risk 0.02cvss epss 0.23

    Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and…

  • CVE-2007-1201Mar 11, 2008
    risk 0.02cvss epss 0.29

    Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."

  • CVE-2005-1907May 31, 2005
    risk 0.02cvss epss 0.19

    The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.

  • CVE-2007-4991Sep 21, 2007
    risk 0.01cvss epss 0.16

    The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.

  • CVE-2006-7027Feb 23, 2007
    risk 0.01cvss epss 0.15

    Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.

  • CVE-2001-0546Sep 20, 2001
    risk 0.01cvss epss 0.17

    Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.

  • CVE-2001-0547Sep 20, 2001
    risk 0.00cvss epss 0.02

    Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).