Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0007

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-0007
Last Modified 06 Mar 2013 11:50:20
Published 10 Jan 2012 04:55:03
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0007

Summary

The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass Vulnerability."

Vulnerable Systems

Application

  • Microsoft Anti-cross Site Scripting Library 3.1

  • Microsoft Anti-cross Site Scripting Library 4.0


References

MS - MS12-007

SECTRACK - 1026499

BID - 51291

SECUNIA - 47516

SECUNIA - 47483

CERT - TA12-010A


Last Updated: 27 May 2016 10:57:18