Active Directory Certificate Services Web Enrollment Elevation Of Privilege Vulnerability (2518295) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS11-051.

Impact

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/MS11-051.mspx

Insight

The flaw is caused by improper input validation of a request parameter on an Active Directory Certificate Services Web Enrollment site.

Affected

Active Directory Certificate Services, - Microsoft Windows 2K3 Service Pack 2 and prior - Microsoft Windows Server 2008 Service Pack 2 and prior

References

http://support.microsoft.com/kb/2518295
http://www.microsoft.com/technet/security/bulletin/MS11-051.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1264

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Microsoft Windows Media Service Handshake Sequence DoS Vulnerability
Microsoft Windows Media Center Remote Code Execution Vulnerability (2978742)
Microsoft Windows Digital Signatures Denial of Service Vulnerability (2868626)
Microsoft Windows Defender Privilege Elevation Vulnerability (2847927)
Microsoft Windows Active Directory SPN Denial of Service (2478953)

Active Directory Certificate Services Web Enrollment Elevation of Privilege Vulnerability (2518295)

Take action and discover your vulnerabilities