Microsoft Dynamics AX Enterprise Portal vulnerability could allow escalation of privilege
Report ID: MS201206005
Date Published: 13 June 2012
Compromise Type: privilege-escalation cross-site-scripting
Compromise From: local-system
Microsoft Dynamics AX 2012 Enterprise Portal
A vulnerability in Microsoft Dynamics AX 2012 Enterprise Portal could lead to escalation of privilege or information disclosure if an attacker successfully convinces a user to click a malicious URL.
Microsoft has released a security update for Microsoft Dynamics AX 2012 Enterprise Portal to fix a reported cross-site scripting vulnerability.
This issue has been fixed through the update by introducing correction on the way user input are validated and sanitized. Users are recommended to install the update to protect their system from potential exploit attempts.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-040)