|MS12-062||Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528)||Microsoft Systems||Important||12-09-2012|
Brief overview of the risk:
The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to persuade users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website.
Detailed Information on the risk:
A cross-site scripting (XSS) vulnerability exists in System Center Configuration Manager where code can be injected back to the user in the resulting page, effectively allowing attacker-controlled code to run in the context of the user clicking the link.
Further information on this exploit is available at : MS12-062
Affected SoftwareMicrosoft Systems Management Server 2003 Service Pack 3
Microsoft System Center Configuration Manager 2007 Service Pack 2