Microsoft Internet Explorer 9 / SharePoint / Lync - toStaticHTML HTML Sanitizing Bypass (MS12-037/MS12-039/MS12-050)

toStaticHTML: The Second Encounter CVE-2012-1858 HTML Sanitizing Bypass - CVE-2012-1858 Original advisory - http://blog.watchfire.com/wfblog/2012/07/tostatichtml-the-second-encounter-cve-2012-1858-html-sanitizing-information-disclosure-introduction-t.html Introduction The toStaticHTML component,...

Microsoft Lync/Office Communicator HTML代码过滤漏洞 (CVE-2012-1858) (MS12-039)

CVE ID: CVE-2012-1858 Microsoft Lync 新一代企业整合沟通平台（前身为 Communications Server），提供了一种全新的、直观的用户体验，跨越 PC、Web、手机等其他移动设备，将不同的沟通方式集成到一个平台之中。 Microsoft Lync HTML过滤时存在信息泄露漏洞，可允许攻击者执行XSS攻击和运行脚本。 0 Microsoft Lync 2010 Microsoft Office Communicator 2007 临时解决方法： 如果您不能立刻安装补丁或者升级，建议您采取以下措施以降低威胁：...

MS12-039: Description of the security update for Lync 2010 Attendee (user level install): June 12, 2012

Resolves vulnerabilities in Microsoft Lync that could allow remote code execution if a user views shared content that contains specially crafted TrueType fonts.INTRODUCTIONMicrosoft has released security bulletin MS12-039. To view the complete security bulletin, go to one of the following Microso...

Internet Explorer HTML Sanitization Information Disclosure (MS12-039; CVE-2012-1858)

An information disclosure vulnerability has been reported in Microsoft Internet Explorer...