Microsoft Network (MSN) Bypass / XSS / Abuse / Parameter Injection

[Aerosol]

Web Application Security Notification

Services Affected: msn

Type: Web Application Vulnerabilities

MSRC Reference: [21027cl]

Threat Level: High

Severity: High

CVSS Severity Score: 7.8

Impact Type: Complete confidentiality, integrity and availability violation.

Vulnerability:

Filtration Bypass.

Authenticated/Unauthenticated Cross-Site Scripting.

Resource access via Uniform Resource Identifier (URI) scheme abuse. [2]

Command and parameter injections on local software.

Vendor Overview

Microsoft Corporation is an American multinational corporation headquartered in Redmond,

Washington, that develops, manufactures, licenses, supports and sells computer software, consumer

electronics and personal computers and services. Its best known software products are the Microsoft

Windows line of operating systems, Microsoft Office suite, and Internet explorer web-browser.

Microsoft is the number one vendor and world’s largest vendor by revenue. Microsoft was founded by Bill Gates

and Paul Allen in 1975.

Service Overview

MSN (Originally the Microsoft Network) is a collection of Internet websites and services provided by

Microsoft Corporation. The new re-launched service as of 2014, features 12 sections consisting of

weather, news, sports, money, health & fitness, food and drink, travel, autos, video, entertainment and

lifestyle. The top of the homepage provides access to popular sites like Outlook.com, Facebook, Twitter,

OneNote , OneDrive and Skype. It is pertinent to note that, msn has more than 415 million

visitors worldwide, every month. [4]

Read More : HERE