The most serious vulnerability lies in a user authentication function of the application. An attacker could get complete control over the system running the software by entering malformed data into a Web page that uses this authentication function. Such a Web page is part of the default Content Management Server 2001 installation, Microsoft said in an advisory yesterday.
Installing URLscan, a software tool recommended by Microsoft, will probably protect servers running Content Management Server 2001 from an attacker, but the system can still be caused to fail, Microsoft noted.
A second vulnerability in Content Management Server 2001 lies in a Web authoring feature. An attacker can upload a program to the Web server and execute it. This will not give the attacker full control over the server because of security features in Microsoft's Web server software, but it could be a starting point to try to gain additional privileges, Microsoft said.
Content Management Server 2001 is, typically, installed on servers running Microsoft's Internet Information Server 5.0 for Web server support and SQL Server 7.0 or 2000 as the database, Microsoft said.
The third vulnerability now patched by Microsoft exists in the database features of Content Management Server 2001. An attacker could take any action on the database and run some operating system commands as well, but with limited privileges, Microsoft said.
Microsoft urges Content Management Server 2001 users to apply the patch "immediately".
Earlier versions of the content management software may be affected, but are no longer supported, Microsoft said. More information can be found in Microsoft's security bulletin MS02-041 www.microsoft.com/technet/security/bulletin/MS02-041.asp.