The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft Forefront Threat Management Gateway

computer vulnerability bulletin CVE-2014-2779

Microsoft Malware Protection Engine: denial of service

Synthesis of the vulnerability

An attacker can send a malicious file to the Microsoft Malware Protection Engine, in order to trigger a denial of service.
Impacted products: Forefront Security for Exchange Server, Forefront Threat Management Gateway, Forefront Unified Access Gateway, SCCM, SCOM, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: document.
Creation date: 18/06/2014.
Identifiers: 2974294, CVE-2014-2779, VIGILANCE-VUL-14908.

Description of the vulnerability

The Microsoft Malware Protection Engine analyzes files searching for malware.

However, a malicious file locks this engine.

An attacker can therefore send a malicious file to the Microsoft Malware Protection Engine, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2011-1889

Microsoft Forefront TMG 2010 Client: code execution

Synthesis of the vulnerability

An attacker can invite the victim to send malicious queries via Microsoft Forefront Threat Management Gateway 2010 Client, in order to execute code on his computer.
Impacted products: Forefront Threat Management Gateway.
Severity: 4/4.
Consequences: administrator access/rights.
Provenance: internet server.
Creation date: 15/06/2011.
Identifiers: 2520426, BID-48181, CERTA-2011-AVI-348, CVE-2011-1889, MS11-040, VIGILANCE-VUL-10734.

Description of the vulnerability

The Microsoft Forefront Threat Management Gateway 2010 Client product can be installed on users' computers, and communicates with the firewall Microsoft Forefront Threat Management Gateway 2010 in order to filter queries before they are sent on the network.

The NSPLookupServiceBegin() and NSPLookupServiceNext() methods are used for WinSock resolution queries. They are used by Microsoft Forefront TMG 2010 Client. However, the NSPLookupServiceNext() method does not correctly validate the query, so an overflow occurs.

An attacker can therefore invite the victim to send malicious queries via Microsoft Forefront Threat Management Gateway 2010 Client, in order to execute code on his computer.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Microsoft Forefront Threat Management Gateway: