SUMMARY
Microsoft Content Management Server (MCMS) 2001 is an
Enterprise Server product that simplifies developing and managing e-commerce
Web sites. MCMS includes a number of pre-defined Active Server Pages (ASP) Web
pages that allow Web site operators to quickly set up e-business Web sites.
A cross-site scripting flaw exists in one of these ASP pages. The
flaw can permit an attacker to insert script in the data that is being sent to
an MCMS server. Because the server generates a Web page in response to a user
request that is made by using this page, the script may be embedded in the page
that MCMS generates and returns to the user. If this occurs, the script may
then be run when it is processed by the user's browser. Because of this, an
attacker may be able to access information that the user shared with the
legitimate site.
An attacker may try to exploit this flaw by crafting
a malicious link to a valid site that the user intended to visit. If the
attacker persuades a user to click the link, most likely by sending the link in
an e-mail message, the attacker may then be able to take a variety of actions.
The attacker may change the data that appeared to be contained on the Web pages
that were presented by the legitimate site, monitor the user's session with the
legitimate site and copy personal data from the legitimate site to a site under
the attacker's control, or access the legitimate site's cookies.
Microsoft has released a patch for MCMS 2001. This patch eliminates
this security vulnerability and also resolves the problems that are described
in the following Microsoft Knowledge Base articles:
326075 MS02-041: Microsoft Content Management Server 2001 Security Update
302114 "Resource Replace Failure" Error When You Replace an Item with a Renamed Item
326085 Content Not Refreshed on Cluster Environment
326937 Hyperlinks Are Not Updated Correctly with Web Author
328119 Cannot Modify Background Processing Time Lapse Setting After You Apply SRP1
328851 Cannot Stop Background Processing
MORE INFORMATION
Download Information
The following file is available for download from the Microsoft Download
Center:
Download the 810487 package now.
Release Date: January 22, 2003
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
Installation Information
This update requires Microsoft Content Management Server 2001
Service Pack 1.
For additional information, click the following article number to view the
article in the Microsoft Knowledge Base:
313957 How to Obtain the Latest Content Management Server 2001 Service Pack
You do not have to restart your computer after you
apply this update. This update does not support any setup switches.
File Information
The English version of this fix has the file attributes (or
later) that are listed in the following table. The dates and times for these
files are listed in coordinated universal time (UTC). When you view the file
information, it is converted to local time. To find the difference between UTC
and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Date         Time   Version          Size  File name
----------------------------------------------------------------------------------------------
12-Nov-2002  21:19                  8,170  Accessconfigdlg.asp
12-Nov-2002  21:19                 12,744  Aecm.asp
16-Dec-2002  22:13  4.1.1106.0    338,944  Aeinterfaces.dll
16-Dec-2002  22:14  4.1.1106.0    146,432  Aesecurityservice.exe
16-Dec-2002  22:14  4.1.1106.0  1,132,544  Aeserverobject.dll
16-Dec-2002  22:13  4.1.1106.0     79,360  Aeusrmgr.dll
12-Nov-2002  21:19                  5,832  Attachmentselectbrowse.asp
12-Nov-2002  21:19                  5,047  Authoringmodehooks.inc
12-Nov-2002  21:19                 10,576  Cacheconfigdlg.asp
12-Nov-2002  21:19                  4,695  Channeleopmodifyshow.asp
12-Nov-2002  21:19                 24,100  Cncasppagemanager_approvalassistant.inc
12-Nov-2002  21:19                 13,720  Cncasppagemanager_attachmentgalleries.inc
12-Nov-2002  21:19                  5,903  Cncasppagemanager_attachmentlocalproperties.inc
12-Nov-2002  21:19                  8,490  Cncasppagemanager_attachmentproperties.inc
12-Nov-2002  21:19                  3,170  Cncasppagemanager_attachmentpropertiesonly.inc
12-Nov-2002  21:19                 15,580  Cncasppagemanager_attachmentresources.inc
12-Nov-2002  21:19                 13,157  Cncasppagemanager_cacheconfig.inc
12-Nov-2002  21:19                  2,976  Cncasppagemanager_channelname.inc
12-Nov-2002  21:19                 15,170  Cncasppagemanager_generalconfig.inc
12-Nov-2002  21:19                 13,230  Cncasppagemanager_imagegalleries.inc
12-Nov-2002  21:19                  5,674  Cncasppagemanager_imagelocalproperties.inc
12-Nov-2002  21:19                  8,308  Cncasppagemanager_imageproperties.inc
12-Nov-2002  21:19                  3,262  Cncasppagemanager_imagepropertiesonly.inc
12-Nov-2002  21:19                 15,313  Cncasppagemanager_imageresources.inc
12-Nov-2002  21:19                  2,383  Cncasppagemanager_internallinksdlg.inc
12-Nov-2002  21:19                 13,387  Cncasppagemanager_newpagesave.inc
12-Nov-2002  21:19                  9,896  Cncasppagemanager_pagecompare.inc
12-Nov-2002  21:19                  4,626  Cncasppagemanager_pagecopyacceptor.inc
12-Nov-2002  21:19                  3,605  Cncasppagemanager_pagecopydlg.inc
12-Nov-2002  21:19                 10,939  Cncasppagemanager_pagelifecycleop.inc
12-Nov-2002  21:19                  4,569  Cncasppagemanager_pagemoveacceptor.inc
12-Nov-2002  21:19                  3,605  Cncasppagemanager_pagemovedlg.inc
12-Nov-2002  21:19                 14,952  Cncasppagemanager_pagesapprovedecline.inc
12-Nov-2002  21:19                  4,138  Cncasppagemanager_resourcecreate.inc
12-Nov-2002  21:19                  6,641  Cncasppagemanager_resourcecreateacceptor.inc
12-Nov-2002  21:19                  4,879  Cncasppagemanager_resourcedelete.inc
12-Nov-2002  21:19                  3,350  Cncasppagemanager_resourceproperties.inc
12-Nov-2002  21:19                  5,429  Cncasppagemanager_resourcepropertiessave.inc
12-Nov-2002  21:19                  3,487  Cncasppagemanager_resourcereplace.inc
12-Nov-2002  21:19                  6,861  Cncasppagemanager_resourcereplaceacceptor.inc
12-Nov-2002  21:19                 14,091  Cncasppagemanager_resourcesbrowse.inc
12-Nov-2002  21:19                  2,621  Cncasppagemanager_securityalertacceptor.inc
12-Nov-2002  21:19                 15,466  Cncasppagemanager_securityconfig.inc
12-Nov-2002  21:19                 11,619  Cncasppagemanager_templatebrowse.inc
12-Nov-2002  21:19                 12,650  Cncasppagemanager_templategalleriesbrowse.inc
12-Nov-2002  21:19                 13,324  Cncasppagemanager_videogalleries.inc
12-Nov-2002  21:19                  5,568  Cncasppagemanager_videolocalproperties.inc
12-Nov-2002  21:19                 15,529  Cncasppagemanager_videoresources.inc
12-Nov-2002  21:19                 10,175  Cncasppagemanager_webserverconfig.inc
12-Nov-2002  21:19                 16,325  Cncgridcontrol.inc
12-Nov-2002  21:19                  5,914  Cncgriddecorator_templatebrowse.inc
12-Nov-2002  21:19                  6,708  Cncgriddecorator_templategalleriesbrowse.inc
12-Nov-2002  21:19                  6,926  Cncpagingconfigcontrol.inc
12-Nov-2002  21:19                  6,768  Cncpagingcontrol.inc
12-Nov-2002  21:19                 10,744  Cncstatecontrol.inc
12-Nov-2002  21:19                  7,996  Cnctabrenderer_scaaccessconfig.inc
12-Nov-2002  21:19                  6,792  Cnctabrenderer_scacacheconfig.inc
12-Nov-2002  21:19                  6,668  Cnctabrenderer_scageneralconfig.inc
12-Nov-2002  21:19                  5,224  Cnctabrenderer_scalicenseconfig.inc
12-Nov-2002  21:19                  6,506  Cnctabrenderer_scasecurityconfig.inc
12-Nov-2002  21:19                  5,660  Cnctabrenderer_scawebserverconfig.inc
12-Nov-2002  21:19                 15,927  Cnctreecontrol.inc
12-Nov-2002  21:19                  4,585  Cnctreerenderer_channelsbrowse.inc
12-Nov-2002  21:19                  3,909  Cnctreerenderer_templategalleriesbrowse.inc
06-Dec-2002  23:35                 18,960  Commonserver.inc
12-Nov-2002  21:19                  7,802  Commonserver_rt.inc
12-Nov-2002  21:19                  5,073  Commonurlhooks.inc
12-Nov-2002  21:19                 14,515  Deditor.asp
12-Nov-2002  21:19                  2,344  Defaultsitemodeswitchui.inc
12-Nov-2002  21:19                  1,897  Editorupload.asp
12-Nov-2002  21:19                 12,672  Editsiteopshooks.inc
12-Nov-2002  21:19                 23,688  Emitterthineditie_activex.inc
16-Dec-2002  22:13  4.1.1106.0     69,632  Enummembership.dll
12-Nov-2002  21:19                  4,623  Eopcurrentvalueshow.asp
12-Nov-2002  21:19                  5,207  Filesystemfolderbrowserdlg.asp
12-Nov-2002  21:19                  8,515  Generalconfigdlg.asp
12-Nov-2002  21:19                  5,548  Imageselectbrowse.asp
12-Nov-2002  21:19                    434  Important.asp
12-Nov-2002  21:19                  2,923  Login.asp
12-Nov-2002  21:19                  4,953  Manuallogin.asp
16-Dec-2002  22:14  4.1.1106.0    111,104  Ncaspextensions.dll
16-Dec-2002  22:13  4.1.1106.0    146,432  Ncbmprdr.dll
25-Nov-2002  21:38                228,289  Nrdhtml.cab
12-Nov-2002  21:19                  1,248  Nrformslogin.asp
16-Dec-2002  22:13  4.1.1106.0    154,112  Nrmsgres.dll
12-Nov-2002  21:19                    817  Nrsiteservermessage.asp
12-Nov-2002  21:19                 12,395  Ntuserbrowsedlg.asp
12-Nov-2002  21:19                  3,446  Pagerevisioncomparedlg.asp
12-Nov-2002  21:19                  7,188  Pagerevisioncompareinfo.asp
12-Nov-2002  21:19                  2,667  Pagerevisiondlg.asp
12-Nov-2002  21:19                  6,063  Pagerevisionerrordlg.asp
12-Nov-2002  21:19                 12,753  Pagerevisionserver.inc
12-Nov-2002  21:19                 11,965  Pagesapprovedecline.asp
12-Nov-2002  21:19                    578  Placeholderssupport.inc
12-Nov-2002  21:19                  2,787  Postingcreationhooks.inc
12-Nov-2002  21:19                  5,878  Postingeopmodifyshow.asp
12-Nov-2002  21:19                  8,970  Progress.asp
16-Dec-2002  22:14  4.1.1106.0  1,125,888  Resolutionobjectmodel.dll
12-Nov-2002  21:19                  7,467  Resourcedelete.asp
12-Nov-2002  21:19                  1,586  Resourcemanagerhooks.inc
12-Nov-2002  21:19                 10,325  Resourcereport.asp
12-Nov-2002  21:19                 10,519  Resourcesbrowse.asp
12-Nov-2002  21:19                  3,519  Resupload.asp
12-Nov-2002  21:19                 13,968  Sdreportinitialize.inc
12-Nov-2002  21:19                  3,160  Sdupload.asp
12-Nov-2002  21:19                  4,153  Securityalert.asp
12-Nov-2002  21:19                  9,039  Securityconfigdlg.asp
16-Dec-2002  22:14  4.1.1106.0    632,832  Serverconfigurationapi.dll
12-Nov-2002  21:19                  9,780  Shared.inc
12-Nov-2002  21:19                  6,306  Sitedeployprogress.asp
12-Nov-2002  21:19                    435  Subscribe.inc
12-Nov-2002  21:19                    437  Subscription.asp
12-Nov-2002  21:19                    442  Subscriptionerror.asp
12-Nov-2002  21:19                    443  Subscriptionsubmit.asp
12-Nov-2002  21:19                  5,882  Surveyformsubmit.asp
12-Nov-2002  21:19                  4,812  Table.asp
12-Nov-2002  21:19                  2,699  Taskassistanthooks.inc
12-Nov-2002  21:19                 10,600  Uploadacceptor.asp
20-Nov-2002  19:26                  5,351  Urlutilities.inc
12-Nov-2002  21:19                  5,741  Videoselectbrowse.asp
12-Nov-2002  21:19                  5,084  Webserverconfigdlg.asp
12-Nov-2002  21:19                    433  Whatsnew.asp
Note: Because of file dependencies, this update may contain additional
files.
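One way to check a server against the file table above, as an added example that is not part of the original article: it parses the table rows (the Version column is filled in only for binaries) and reports files whose version, or date when there is no version, is older than the fix. The function names and the installed-file inventory are constructed for illustration.

```python
import re
from datetime import datetime

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
ROW = re.compile(
    r"^(\d{2})-([A-Za-z]{3})-(\d{4})\s+(\d{2}):(\d{2})\s+"  # date, time (UTC)
    r"(?:(\d+(?:\.\d+){3})\s+)?"                            # version: binaries only
    r"([\d,]+)\s+(\S+)$")                                   # size, file name

def parse_manifest(text):
    """Map lower-cased file name -> (UTC datetime, version tuple or None, size)."""
    files = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, rule line or prose
        day, mon, year, hh, mm, ver, size, name = m.groups()
        stamp = datetime(int(year), MONTHS[mon.title()], int(day), int(hh), int(mm))
        version = tuple(map(int, ver.split("."))) if ver else None
        files[name.lower()] = (stamp, version, int(size.replace(",", "")))
    return files

def outdated(manifest, installed):
    """Names whose installed version (or date, when unversioned) predates the fix."""
    stale = []
    for name, (stamp, version, _size) in manifest.items():
        if name not in installed:
            continue  # file not part of this install; nothing to compare
        have_stamp, have_version = installed[name]
        if version is not None:
            # Compare numerically: as strings "4.1.999.0" would sort after "4.1.1106.0".
            if have_version is None or have_version < version:
                stale.append(name)
        elif have_stamp < stamp:
            stale.append(name)
    return sorted(stale)

# Three rows copied from the table above.
SAMPLE = """Date Time Version Size File name
12-Nov-2002 21:19 12,744 Aecm.asp
16-Dec-2002 22:13 4.1.1106.0 338,944 Aeinterfaces.dll
06-Dec-2002 23:35 18,960 Commonserver.inc"""

# Constructed inventory: name -> (modified time in UTC, file version or None).
INSTALLED = {
    "aecm.asp": (datetime(2002, 11, 12, 21, 19), None),
    "aeinterfaces.dll": (datetime(2002, 5, 1, 9, 0), (4, 1, 999, 0)),
    "commonserver.inc": (datetime(2002, 5, 1, 9, 0), None),
}

if __name__ == "__main__":
    print(outdated(parse_manifest(SAMPLE), INSTALLED))
```

File times in the inventory must be collected in UTC, because the table lists UTC while file listings on the server show local time.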
For additional information about the patch, see the Readme.htm
file that is included with the package.
For more information about
these vulnerabilities, visit the following Microsoft Web site: