

Vulnerability protection

Microsoft Dynamics AX Enterprise Portal vulnerability could allow escalation of privilege


Report ID: MS201206005
Date Published: 13 June 2012

Criticality: Important
Compromise Type: privilege-escalation cross-site-scripting
Compromise From: local-system


Affected Product/Component:

Microsoft Dynamics AX 2012 Enterprise Portal




Summary

A vulnerability in Microsoft Dynamics AX 2012 Enterprise Portal could lead to escalation of privilege or information disclosure if an attacker successfully convinces a user to click a malicious URL.



Detailed Description

Microsoft has released a security update for Microsoft Dynamics AX 2012 Enterprise Portal to fix a reported cross-site scripting vulnerability.

The vulnerability results from improper handling of JavaScript elements within a URL, which allows the script to be returned to the user's browser. An attacker could take advantage of this condition to issue commands in the context of an authenticated user.

The update fixes this issue by correcting the way user input is validated and sanitized. Users are advised to install the update to protect their systems from potential exploit attempts.

 



CVE Reference

CVE-2012-1857



Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms12-040


