History: Jun 12, 2012 - 10:55 p.m.

CVE-2012-1858

2012-06-12 22:55:01
CWE-200
microsoft
web.nvd.nist.gov
149
cve-2012-1858
nvd
microsoft
internet explorer
xss
html sanitization vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.948

Percentile

99.3%

The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka “HTML Sanitization Vulnerability.”

Affected configurations

Nvd
Node
microsoft lync Match 2010 attendee
OR
microsoft lync Match 2010 x64
OR
microsoft lync Match 2010 x86
OR
microsoft office_communicator Match 2007 r2
Node
microsoft internet_explorer Match 8
AND
microsoft windows_2003_server sp2
OR
microsoft windows_7 x86
OR
microsoft windows_7 Match -
OR
microsoft windows_7 Match - sp1 x64
OR
microsoft windows_7 Match - sp1 x86
OR
microsoft windows_server_2003 sp2
OR
microsoft windows_server_2008 r2 itanium
OR
microsoft windows_server_2008 r2 x64
OR
microsoft windows_server_2008 sp2 x64
OR
microsoft windows_server_2008 sp2 x86
OR
microsoft windows_vista sp2
OR
microsoft windows_xp sp3
OR
microsoft windows_xp Match - sp2 x64
Node
microsoft internet_explorer Match 9
AND
microsoft windows_7 x64
OR
microsoft windows_7 x86
OR
microsoft windows_7 sp1 x64
OR
microsoft windows_7 sp1 x86
OR
microsoft windows_7 Match -
OR
microsoft windows_7 Match - sp1 x64
OR
microsoft windows_7 Match - sp1 x86
OR
microsoft windows_server_2008 sp2 x86
OR
microsoft windows_server_2008 Match r2 x64
OR
microsoft windows_vista sp2
OR
microsoft windows_vista Match - sp2
Vendor | Product | Version | CPE
microsoft | lync | 2010 | cpe:2.3:a:microsoft:lync:2010:*:attendee:*:*:*:*:*
microsoft | lync | 2010 | cpe:2.3:a:microsoft:lync:2010:*:x64:*:*:*:*:*
microsoft | lync | 2010 | cpe:2.3:a:microsoft:lync:2010:*:x86:*:*:*:*:*
microsoft | office_communicator | 2007 | cpe:2.3:a:microsoft:office_communicator:2007:r2:*:*:*:*:*:*
microsoft | internet_explorer | 8 | cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
microsoft | windows_2003_server | * | cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
microsoft | windows_7 | * | cpe:2.3:o:microsoft:windows_7:*:*:x86:*:*:*:*:*
microsoft | windows_7 | - | cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
microsoft | windows_7 | - | cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
microsoft | windows_7 | - | cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*