Microsoft Internet Explorer CVE-2012-0010 Cross Domain Information Disclosure Vulnerability

2012-02-1400:00:00

Symantec Security Response

www.symantec.com

0.018 Low

EPSS

Percentile

86.5%

JSON

Description

Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because it fails to adequately validate user-supplied data during copy and paste operations. An attacker can exploit this issue to view content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information or aid in further attacks.

Technologies Affected

Avaya Aura Conferencing 6.0 Standard
Avaya CallPilot 4.0
Avaya CallPilot 5.0
Avaya Communication Server 1000 Telephony Manager 3.0
Avaya Communication Server 1000 Telephony Manager 4.0
Avaya Meeting Exchange - Client Registration Server
Avaya Meeting Exchange - Recording Server
Avaya Meeting Exchange - Streaming Server
Avaya Meeting Exchange - Web Conferencing Server
Avaya Meeting Exchange - Webportal
Avaya Meeting Exchange 5.0
Avaya Meeting Exchange 5.0 SP1
Avaya Meeting Exchange 5.0 SP2
Avaya Meeting Exchange 5.0.0.0.52
Avaya Meeting Exchange 5.1
Avaya Meeting Exchange 5.1 SP1
Avaya Meeting Exchange 5.2
Avaya Meeting Exchange 5.2 SP1
Avaya Meeting Exchange 5.2 SP2
Avaya Messaging Application Server 4
Avaya Messaging Application Server 5
Avaya Messaging Application Server 5.2
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 7.0
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9

Recommendations

Run all software as a nonprivileged user with minimal access rights.
When possible, run all software as a user with minimal privileges and limited access to system resources. Use additional precautions such as restrictive environments to insulate software that may potentially handle malicious content.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This may indicate exploit attempts or activity that results from successful exploits.

Do not follow links provided by unknown or untrusted sources.
Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.

Set web browser security to disable the execution of script code or active content.
Since a successful exploit of this issue requires malicious code to execute in web clients, consider disabling support for script code and active content within the client browser. Note that this mitigation tactic might adversely affect legitimate websites that rely on the execution of browser-based script code.

Updates are available; please see the references for details.

CPENameOperatorVersion
avaya communication servereq1000 Telephony Manager 4.0 
avaya messaging application servereq5 
avaya callpiloteq5.0 
avaya meeting exchangeeq5.1 
microsoft internet explorereq9 
avaya aura conferencingeq6.0 Standard 
avaya messaging application servereq4 
avaya meeting exchangeeq5.2 
avaya meeting exchangeeq5.2 SP2 
avaya callpiloteq4.0 

Name	Operator	Version
avaya communication server	eq	1000 Telephony Manager 4.0
avaya messaging application server	eq	5
avaya callpilot	eq	5.0
avaya meeting exchange	eq	5.1
microsoft internet explorer	eq	9
avaya aura conferencing	eq	6.0 Standard
avaya messaging application server	eq	4
avaya meeting exchange	eq	5.2
avaya meeting exchange	eq	5.2 SP2
avaya callpilot	eq	4.0

Rows per page:

1-10 of 211

0.018 Low

EPSS

Percentile

86.5%

JSON

Related for SMNTC-51931