Summary
This host is missing an important security update according to Microsoft Bulletin MS12-007.
Impact
Successful exploitation could allow attackers to bypass the filter and conduct cross-site scripting attacks. Successful exploits may allow attackers to execute arbitrary script code and steal cookie-based authentication credentials.
Impact Level: Application
Solution
Upgrade to Microsoft Anti-Cross Site Scripting Library version 4.2.1 For updates refer to http://technet.microsoft.com/en-us/security/bulletin/ms12-007
Insight
The flaw is due to error in library which fails to properly filter HTML code from user-supplied input. A remote user may be able to exploit a target application that uses the library to cause arbitrary scripting code to be executed by the target user's browser.
Affected
Microsoft Anti-Cross Site Scripting Library version 3.x Microsoft Anti-Cross Site Scripting Library version 4.0
References
Severity
Classification
-
CVE CVE-2012-0007 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Microsoft Visio Information Disclosure Vulnerability (2834692)
- Microsoft Windows Active Directory Denial of Service Vulnerability (2830914)
- Microsoft SQL Server Elevation of Privilege Vulnerability (2984340) - Remote
- Microsoft Windows Active Directory Denial of Service Vulnerability (2853587)
- Microsoft File Handling Component Remote Code Execution Vulnerability (2922229)