CVE-2004-0892
First published: Tue Nov 16 2004(Updated: )
Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Internet Security and Acceleration Server | =2000-sp1 | |
| Microsoft Proxy Server | =2.0 | |
| Microsoft Internet Security and Acceleration Server | =2000 | |
| Microsoft Proxy Server | =2.0-sp1 | |
| Microsoft Internet Security and Acceleration Server | =2000-sp2 | |
| Microsoft Windows Server 2003 | =2003 | |
| Microsoft Windows Server 2003 | =2000 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/11605
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17906
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4859
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4264
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-039
Frequently Asked Questions
What is the severity of CVE-2004-0892?
CVE-2004-0892 has a severity rating that indicates it can allow remote attackers to spoof trusted content, which could pose security risks.
How do I fix CVE-2004-0892?
To fix CVE-2004-0892, it is recommended to apply the latest patches and updates provided by Microsoft for the affected software.
What software is affected by CVE-2004-0892?
CVE-2004-0892 affects Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000, including their respective service packs.
What are the implications of CVE-2004-0892 for users?
The implications of CVE-2004-0892 for users include the potential exposure to spoofed web content, which can lead to phishing attacks and information theft.
How can CVE-2004-0892 be exploited by attackers?
Attackers can exploit CVE-2004-0892 by using spoofed reverse DNS lookups to present malicious web content as trustworthy.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/references
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- vendor/microsoft
- product/isa server
- canonical/microsoft isa server
- product/proxy server
- canonical/microsoft proxy server
- product/windows 2003 server
- canonical/microsoft windows 2003 server
- agent/software-canonical-lookup-request
- collector/nvd-index
- canonical/microsoft internet security and acceleration server
- version/microsoft internet security and acceleration server/2000-sp1
- version/microsoft proxy server/2.0
- version/microsoft internet security and acceleration server/2000
- version/microsoft proxy server/2.0-sp1
- version/microsoft internet security and acceleration server/2000-sp2
- canonical/microsoft windows server 2003
- version/microsoft windows server 2003/2003
- version/microsoft windows server 2003/2000