18 matches found

exploitpack
added 2012/07/12 12:0 a.m. | 30 views

Microsoft Internet Explorer 9 SharePoint Lync - toStaticHTML HTML Sanitizing Bypass (MS12-037, MS12-039, MS12-050)

Microsoft Internet Explorer 9 SharePoint Lync - toStaticHTML HTML Sanitizing Bypass MS12-037, MS12-039, MS12-050 toStaticHTML: The Second Encounter CVE-2012-1858 HTML Sanitizing Bypass - CVE-2012-1858 Original advisory -...

4.3 CVSS | 6.2 AI score | 0.3827 EPSS
Exploits 6

Packet Storm
added 2012/07/11 12:0 a.m. | 40 views

toStaticHTML HTML Sanitizing Bypass

toStaticHTML: The Second Encounter CVE-2012-1858 HTML Sanitizing Bypass - CVE-2012-1858 Original advisory - http://blog.watchfire.com/wfblog/2012/07/tostatichtml-the-second-encounter-cve-2012-1858-html-sanitizing-information-disclosure-introduction-t.html Introduction The toStaticHTML component,...

4.3 CVSS | 6.4 AI score | 0.3827 EPSS
Exploits 6

Prion
added 2012/06/12 10:55 p.m. | 16 views

Cross site scripting

The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted...

4.3 CVSS | 5.6 AI score | 0.3827 EPSS
Exploits 6 | References 6 | Affected Software 3

NVD
added 2011/06/16 8:55 p.m. | 14 views

CVE-2011-1252

Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint...

6.1 CVSS | 5.4 AI score | 0.13434 EPSS
Exploits 3 | References 5

CVE
added 2011/06/16 8:21 p.m. | 64 views

CVE-2011-1252

CVE-2011-1252 corresponds to a cross-site scripting vulnerability in the toStaticHTML SafeHTML function used by Internet Explorer 7/8 and several Microsoft SharePoint-related products (SharePoint Server 2007 SP2, SharePoint Server 2010 SP1, Groove Server 2010, Windows SharePoint Services 3.0 SP2,...

6.1 CVSS | 5.4 AI score | 0.13434 EPSS
Exploits 3 | References 5 | Affected Software 1

Symantec
added 2011/06/14 12:0 a.m. | 18 views

Microsoft Internet Explorer 'toStaticHTML' HTML Sanitizing Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability that affects the 'toStaticHTML' API. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Avaya Aura Conferencing 6.0 Standard Avaya...

6.4 AI score
Exploits 0 | Affected Software 10

Check Point Advisories
added 2011/06/14 12:0 a.m. | 1 views

Microsoft Internet Explorer toStaticHTML Cross-Site-Scripting (MS11-050; CVE-2011-1252)

An information disclosure vulnerability exists in the way that Internet Explorer handles content using specific strings when sanitizing HTML. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web...

4.3 CVSS | 5.2 AI score | 0.13434 EPSS
Exploits 3

seebug.org
added 2010/10/14 12:0 a.m. | 33 views

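Microsoft IE 8 toStaticHTML() Function Insecure HTML Filtering Vulnerability (MS10-071/MS10-072)

BUGTRAQ ID: 42467 CVE(CAN) ID: CVE-2010-3324 Internet Explorer is the web browser bundled by default with the Windows operating system. IE8 provides a filtering method named toStaticHTML on the window object. When an HTML string is passed to this function, all executable script constructs are removed before it is returned. For example, the toStaticHTML method can be used to ensure that HTML received from a postMessage call cannot execute script while still making use of basic formatting: document.attachEvent('onmessage', function(e) { if (e.domain == 'weather.example.com')...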

4.3 CVSS | 6.3 AI score | 0.26442 EPSS
Exploits 2

Positive Technologies
added 2010/10/13 12:0 a.m. | 1 views

PT-2010-4679 · Microsoft · Internet Explorer +3

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer version 8 Microsoft Windows SharePoint Services versions 3.0 SP2 Microsoft Office SharePoint Server versions 2007 SP2 Description: The issue allows remote attackers to inject arbitrary web script or HTML via...

4.3 CVSS | 6.3 AI score | 0.38075 EPSS
Exploits 0 | References 11

Check Point Advisories
added 2010/10/12 12:0 a.m. | 2 views

Microsoft Internet Explorer 8 toStaticHTML API Information Disclosure (MS10-072; CVE-2010-3243)

Multiple memory corruption vulnerabilities have been reported in Microsoft Internet Explorer. An information disclosure vulnerability has been reported in the way that the toStaticHTML API sanitizes HTML. The vulnerability is due to the way that Internet Explorer handles content using specific...

4.3 CVSS | 5.9 AI score | 0.38075 EPSS
Exploits 0

Check Point Advisories
added 2010/10/12 12:0 a.m. | 3 views

Internet Explorer toStaticHTML API Cross-Site-Scripting (MS10-072; CVE-2010-3324)

Multiple memory corruption vulnerabilities have been reported in Microsoft Internet Explorer. An information disclosure vulnerability has been reported in the way that the toStaticHTML API sanitizes HTML. The vulnerability is due to the way that Internet Explorer handles content using specific...

4.3 CVSS | 5.9 AI score | 0.26442 EPSS
Exploits 2

OpenVAS
added 2010/09/23 12:0 a.m. | 27 views

Microsoft Internet Explorer 'toStaticHTML()' XSS Vulnerability

Internet Explorer is prone to a cross-site scripting (XSS) vulnerability. This VT has been deprecated and replaced by the VT with the OID: 1.3.6.1.4.1.25623.1.0.901162. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright C...

4.3 CVSS | 6.1 AI score | 0.26442 EPSS
Exploits 2 | References 3

seebug.org
added 2010/08/19 12:0 a.m. | 22 views

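Microsoft IE 8 toStaticHTML() Function Insecure HTML Filtering Vulnerability

BUGTRAQ ID: 42467 Internet Explorer is the web browser bundled by default with the Windows operating system. IE8 provides a filtering method named toStaticHTML on the window object. When an HTML string is passed to this function, all executable script constructs are removed before it is returned. For example, the toStaticHTML method can be used to ensure that HTML received from a postMessage call cannot execute script while still making use of basic formatting: document.attachEvent('onmessage', function(e) { if (e.domain == 'weather.example.com') { spnWeather.innerHTML =...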

6.9 AI score
Exploits 0

Exploit DB
added 2010/08/16 12:0 a.m. | 21 views

Microsoft Internet Explorer 8 - 'toStaticHTML()' HTML Sanitization Bypass

source: https://www.securityfocus.com/bid/42467/info Internet Explorer 8 is prone to a security-bypass weakness. Internet Explorer 8 includes a method designed to sanitize executable script constructs from HTML. Attackers can bypass this protection, allowing script code to execute on the client,...

7 AI score
Exploits 0

exploitpack
added 2010/08/16 12:0 a.m. | 13 views

Microsoft Internet Explorer 8 - toStaticHTML() HTML Sanitization Bypass

Microsoft Internet Explorer 8 - toStaticHTML HTML Sanitization Bypass source: https://www.securityfocus.com/bid/42467/info Internet Explorer 8 is prone to a security-bypass weakness. Internet Explorer 8 includes a method designed to sanitize executable script constructs from HTML. Attackers can...

7.2 AI score
Exploits 0

Prion
added 2010/06/08 8:30 p.m. | 22 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or...

4.3 CVSS | 5.7 AI score | 0.36865 EPSS
Exploits 1 | References 7 | Affected Software 4

Check Point Advisories
added 2010/06/08 12:0 a.m. | 3 views

Internet Explorer toStaticHTML Information Disclosure (MS10-035; CVE-2010-1257)

An information disclosure vulnerability has been reported in Internet Explorer. The vulnerability is due to the way Internet Explorer handles content using specific strings when sanitizing HTML. To trigger this issue, an attacker may create a malicious web page that will cause Internet Explorer...

4.3 CVSS | 5.5 AI score | 0.36865 EPSS
Exploits 1

Positive Technologies
added 2010/06/08 12:0 a.m. | 1 views

PT-2010-2962 · Microsoft · Sharepoint Services +4

Name of the Vulnerable Software and Affected Versions: Microsoft Office InfoPath versions 2003 SP3 through 2007 SP2 Office SharePoint Server versions 2007 SP1 through 2007 SP2 SharePoint Services versions 3.0 SP1 through 3.0 SP2 Internet Explorer version 8 Description: The issue is related to a...

4.3 CVSS | 5 AI score | 0.36865 EPSS
Exploits 1 | References 12