logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2012-1858

Description

The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."


Affected Software


CPE Name Name Version
microsoft:lync microsoft lync 2010
microsoft:office_communicator microsoft office communicator 2007
microsoft:internet_explorer microsoft internet explorer 8
microsoft:internet_explorer microsoft internet explorer 9

Related