

Vulnerability protection

HTML sanitization component vulnerability could allow escalation of privilege


Report ID: MS201210003
Date Published: 10 October 2012

Criticality: Important
Compromise Type: privilege-escalation
Compromise From: remote


Affected Product/Component:

Microsoft InfoPath 2007
Microsoft InfoPath 2010
Microsoft Communicator 2007
Microsoft Lync 2010
Microsoft Lync Attendee
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Microsoft Groove Server 2010
Microsoft Windows SharePoint Services 3.0
Microsoft SharePoint Foundation 2010
Microsoft Office Web Apps 2010




Summary

A vulnerability involving HTML sanitization in selected Microsoft products could lead to an attacker gaining elevated privileges on an affected system.



Detailed Description

Microsoft has released a security update to address a vulnerability involving HTML sanitization in selected Microsoft products. The vulnerability was caused by a flaw in the way that HTML strings are sanitized. Upon successful exploitation, an attacker could read protected content and take actions on behalf of the user.

The latest update fixes this issue by modifying the way that HTML strings are sanitized. Users are advised to install the latest security update as a protective measure against potential exploit attempts.



CVE Reference

CVE-2012-2520



Solution

Install the latest security patch for the applicable system, available for download from http://technet.microsoft.com/en-us/security/bulletin/ms12-066


