CVE-2012-1858
4.3
Vector
AV:N/AC:M/Au:N/C:P/I:N/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD
Description
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
Affected (6)
Products: Microsoft: Lync, Office Communicator, Internet Explorer
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2010 | |
| Version 2007 r2 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 8 |
| Running on/with | Platform Versions |
|---|---|
Microsoft Windows 2003 Server | All versions |
Microsoft Windows Server 2003 | All versions |
Microsoft Windows Server 2008 | All versions |
Microsoft Windows Xp | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 9 |
| Running on/with | Platform Versions |
|---|---|
Microsoft Windows 7 | All versions |
Microsoft Windows Server 2008 | All versions |
Microsoft Windows Vista | All versions |
References (12)
Source: secure@microsoft.com
US Government Resource
Source: secure@microsoft.com
US Government Resource
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.