Reported November 9, 2004, by Microsoft

VERSIONS AFFECTED

  • Microsoft Proxy Server 2.0
  • Microsoft ISA Server 2000

DESCRIPTION
A spoofing vulnerability exists in Microsoft Proxy Server 2.0 and Microsoft Internet Security and Acceleration (ISA) Server 2000 that could enable a potential attacker to spoof trusted Internet content. Users would think that they're accessing trusted Internet content when they're actually visiting a malicious Web site.

VENDOR RESPONSE
Microsoft has released Security Bulletin MS04-039 "Vulnerability in ISA Server 2000 and Proxy Server 2.0 Could Allow Internet Content Spoofing (888258)" to address this vulnerability and recommends that affected users immediately apply the appropriate patch listed in the bulletin.

CREDIT
Discovered by Martijn de Vries and Thomas de Klerk of Info Support.