In a security bulletin posted yesterday, Microsoft revealed the
discovery of three flaws in the company’s Content Manager Server,
an application which simplifies the development and management of
e-business web sites. The flaws could potentially be exploited by
hackers to take control of servers and authentication systems.
The first vulnerability was detected in a feature which allows
web site owners to restrict access to certain sites. According to
Microsoft’s security bulletin, “by sending a specially chosen
request to an affected server, an attacker could either disrupt web
services or gain the ability to run a program on the server”. Such
a program could run with full system privileges and “be capable of
taking any action the attacker desired”.
The second flaw relates to the way that the web-authoring
function uploads files and the third was found in the server’s
database features.
The flaws could allow hackers to attack computers running
Windows, Unix operating systems and Mac OS X.
