Microsoft Forefront Unified Access Gateway Java Applet Signed Code Execution

Added: 10/17/2011
CVE: CVE-2011-1969
BID: 49983
OSVDB: 76236

Background

Microsoft Forefront Unified Access Gateway (UAG) is a reverse proxy and VPN solution.

Problem

End users of UAG must install a signed Java applet via MicrosoftClient.jar. This applet loads unsigned Java classes, which may allow an attacker to utilize the UAG client to execute arbitrary Java code on the client's system.

Resolution

To blacklist the JAR file, edit the Java\jre6\lib\security\blacklist file under the Java install path of the client system. Add the following:
# UAG Client MicrosoftClient.jar
SHA1-Digest-Manifest: dBKbNW1PZSjJ0lGcCeewcCrYx5g=

To update the vulnerable JAR file, apply Microsoft Security Update MS11-079 on the UAG server and all clients.

References

http://technet.microsoft.com/en-us/security/bulletin/MS11-079

Limitations

This exploit has been tested against Microsoft Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

Platforms

Windows

Back to exploit index