Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1858

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-1858
Last Modified 06 Mar 2013 11:53:56
Published 12 Jun 2012 06:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1858

Summary

The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."

Vulnerable Systems

Application

  • Microsoft Ie 8

  • Microsoft Ie 9

  • Microsoft Lync 2010

  • Microsoft Office Communicator 2007


References

MS - MS12-039

MS - MS12-037

MS - MS12-050

CERT - TA12-192A

CERT - TA12-164A

Related Patches

MS12-037 Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2003 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2008 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Vista (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 9 for Windows Vista (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 8 for Windows Vista (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 7 for Windows Vista (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows XP (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 7 for Windows XP (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 6 for Windows XP (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows XP (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 8 for Windows 7 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 8 for Windows Vista for x64 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 9 for Windows Vista for x64 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Vista for x64 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 7 for Windows Vista for x64 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2003 x64 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 x64 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 x64 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2008 x64 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 x64 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 x64 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 x64 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 R2 x64 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 R2 x64 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64 (KB2699988)

MS12-037 Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64 (KB2699988)

MS12-039 Security Update for Office Communicator 2007 R2 (KB2708980)

MS12-039 Security Update for Lync 2010 Attendee (Administrator level installation) (KB2696031)

MS12-039 Security Update for Lync 2010 x86 (KB2693282)

MS12-039 Security Update for Lync 2010 Attendant (KB2702444)

MS12-039 2707956 2693282 Security Update for Lync 2010 (x64) (All Languages) (See Note)

MS12-050 Security Update for Microsoft InfoPath 2010 32-Bit Edition (KB2553431)

MS12-050 Security Update for Windows SharePoint Services 3.0 (KB2596911)

MS12-050 Security Update for Microsoft SharePoint Server 2010 (KB2553424)

MS12-050 Security Update for Microsoft Web Applications (KB2598239)

MS12-050 Security Update for Microsoft Office SharePoint Server 2007 32-Bit Edition (KB2596663)

MS12-050 Security Update for Microsoft SharePoint Foundation 2010 (KB2553365)

MS12-050 Security Update for Microsoft Groove Server 2010 (KB2589325)

MS12-050 Security Update for Microsoft Office InfoPath 2007 (KB2596786)

MS12-050 Security Update for Microsoft Office 2007 suites (KB2596666)

MS12-050 Security Update for 2010 Microsoft Business Productivity Servers (KB2553194)

MS12-050 Security Update for Microsoft Office SharePoint Server 2007 64-Bit Edition (KB2596663)

MS12-050 Security Update for Windows SharePoint Services 3.0 x64 (KB2596911)

MS12-050 Security Update for Microsoft InfoPath 2010 64-Bit Edition (KB2553322)

MS12-050 Security Update for Microsoft Office SharePoint Server 2007 64-Bit Edition (KB2596942)

MS12-050 Security Update for Microsoft InfoPath 2010 64-Bit Edition (KB2553431)


Last Updated: 27 May 2016 10:49:38