Release DateJan 12, 2012 |
Severityhigh |
ImpactInformation Disclosure: Remote attackers can gain sensitive information from vulnerable systems. |
DescriptionThis indicates an attack attempt to exploit an Information Disclosure vulnerability in Microsoft Anti-Cross Site Scripting Library.The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. As a result, a remote attacker can execute arbitrary script code within the context of the application, allowing them to gain unauthorized access to sensitive information for further attacks. |
Affected ProductsMicrosoft Anti-Cross Site Scripting Library V3.1 and earlier versionsMicrosoft Anti-Cross Site Scripting Library V4.0 |
Recommended ActionsApply the most recent upgrade or patch from the vendor.http://www.microsoft.com/technet/security/Bulletin/MS12-007.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2012-0007 |
Reference/shttp://technet.microsoft.com/en-us/security/bulletin/MS12-007.mspx (MS-ID)https://portal.telussecuritylabs.com/threat/TSL20120110-08 |
