Spoofing Vulnerability in Microsoft Proxy Server and ISA Server
CVE-2004-0892

Currently unrated

Key Information:

Vendor: Microsoft
Status: Isa Server; Proxy Server
Vendor: CVE Published:; 27 January 2005

What is CVE-2004-0892?

A vulnerability in Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 enables remote attackers to exploit spoofed reverse DNS lookup results. This allows them to present untrusted Internet content as if it were from a trusted source via specially crafted web pages. Both Small Business Server 2000 and Small Business Server 2003 Premium Edition are affected, potentially exposing users to phishing attempts and other malicious activities.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://exchange.xforce.ibmcloud.com/vulnerabilities/17906

vdb-entryx_refsource_XF

EPSS Score

13% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 27, 2005
Vulnerability Reserved
Sep 22, 2004