Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2520

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-2520
Last Modified 02 Nov 2013 11:24:17
Published 09 Oct 2012 05:55:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2520

Summary

Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."

Vulnerable Systems

Application

  • Microsoft Groove Server 2010

  • Microsoft Infopath 2007

  • Microsoft Infopath 2010

  • Microsoft Lync 2010

  • Microsoft Office Communicator 2007

  • Microsoft Office Web Apps 2010

  • Microsoft Sharepoint Foundation 2010

  • Microsoft Sharepoint Server 2007

  • Microsoft Sharepoint Server 2010

  • Microsoft Sharepoint Services 3.0


References

MS - MS12-066

CERT - TA12-283A

SECTRACK - 1027629

SECTRACK - 1027628

SECTRACK - 1027627

SECTRACK - 1027625

BID - 55797

SECTRACK - 1027626

Related Patches

MS12-066 Security Update for Lync 2010 x86 (KB2726382)

MS12-066 Security Update for Microsoft Groove Server 2010 (KB2687402)

MS12-066 Security Update for Microsoft Office InfoPath 2007 (KB2687440)

MS12-066 Security Update for 2010 Microsoft Business Productivity Servers (KB2589280)

MS12-066 Security Update for Microsoft SharePoint Server 2010 (KB2687435)

MS12-066 Security Update for Microsoft InfoPath 2010 32-Bit Edition (KB2687436)

MS12-066 Security Update for Office Communicator 2007 R2 (KB2726391)

MS12-066 Security Update for Windows SharePoint Services 3.0 (KB2687442)

MS12-066 Security Update for Windows SharePoint Services 3.0 x64 (KB2687442)

MS12-066 Security Update for Microsoft Office 2007 suites (KB2687439)

MS12-066 Security Update for Microsoft SharePoint Foundation 2010 (KB2687434)

MS12-066 Security Update for Microsoft InfoPath 2010 32-Bit Edition (KB2687417)

MS12-066 Security Update for Microsoft Office SharePoint Server 2007 32-Bit Edition (KB2687405)

MS12-066 Security Update for Lync 2010 Attendee - Administrator level installation (KB2726388)

MS12-066 Security Update for Microsoft InfoPath 2010 64-Bit Edition (KB2687417)

MS12-066 Security Update for Microsoft InfoPath 2010 64-Bit Edition (KB2687436)

MS12-066 Security Update for Lync 2010 x64 (KB2726382)

MS12-066 Security Update for Microsoft Office SharePoint Server 2007 64-Bit Edition (KB2687405)


Last Updated: 27 May 2016 11:00:56