=====================================================================
                                     CERT-Renater

                          Note d'Information No. 2007/VULN196
_____________________________________________________________________

DATE                      : 11/04/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Microsoft Content Management Server.

======================================================================

MS07-018 - Vulnerabilities in Microsoft Content Management Server Could
            Allow Remote Code Execution (925939)

Affected Software:
    -Microsoft Content Management Server 2001 Service Pack 1
    -Microsoft Content Management Server 2002 Service Pack 2

Full MS07-018 advisory:
    http://www.microsoft.com/technet/security/bulletin/ms07-018.mspx


Vulnerability Details

CMS Memory Corruption Vulnerability - CVE-2007-0938

     A remote code execution vulnerability exists in Content Management
     Server because of the way that it handles a specially crafted HTTP request.

     An attacker who successfully exploited this vulnerability could take
     complete control of an affected system. An attacker could then install
     programs; view, change, or delete data; or create new accounts with
     full user rights.

Cross-site Scripting and
Spoofing Vulnerability in CMS Vulnerability - CVE-2007-0939

     A cross-site scripting and spoofing vulnerability exists in Microsoft
     Content Management Server (MCMS). The vulnerability could allow the
     injection of a client-side script in the user's browser. In a Web-based
     attack scenario a compromised Web site could accept or host
     user-provided content or advertisements which could contain specially
     crafted content that could exploit this vulnerability.

     The script could take any action on the user's behalf that the Web
     site is authorized to take. This could include monitoring the Web
     session and forwarding information to a third party, running other
     code on the user's system, and reading or writing cookies.

     It may also be possible for an attacker to exploit this vulnerability
     to modify Web browser caches and intermediate proxy server caches,
     and put spoofed content in those caches.

======================================================================

            =========================================================
            Les serveurs de référence du CERT-Renater
            http://www.urec.fr/securite
            http://www.cru.fr/securite
            http://www.renater.fr
            =========================================================
            + CERT-RENATER          | tel : 01-53-94-20-44          +
            + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
            + 75013 Paris           | email: certsvp@renater.fr     +
            =========================================================