CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS12-066 | Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517) | Microsoft Office | Important | 10-10-2012 |
Technical Information
Brief overview of the risk:
This security update resolves a publicly disclosed vulnerability in Microsoft Office, Microsoft Communications Platforms, Microsoft Server software, and Microsoft Office Web Apps. The vulnerability could allow elevation of privilege if an attacker sends specially crafted content to a user.
Detailed Information on the risk:
An elevation of privilege vulnerability exists in the way that HTML strings are sanitized. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks and run script in the security context of the logged-on user.
Further information on this exploit is available at : MS12-066
Affected Software
Microsoft OfficeMicrosoft Communications Platforms
Microsoft Server software
Microsoft Office Web Apps