<< Back
CVE Number Vulnerability Product Severity Date
MS12-061 Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privilege (2719584) Microsoft Visual Important 12-09-2012

Technical Information

Brief overview of the risk:
The vulnerability could allow elevation of privilege if a user clicks a specially crafted link in an email message or browses to a webpage that is used to exploit the vulnerability.
Detailed Information on the risk:

A reflected XSS vulnerability exists in Visual Studio Team Foundation Server that could allow an attacker to inject a client-side script into the user’s instance of Internet Explorer or any web browser using Team Foundation Server web access. The script could spoof content, disclose information, or take any action that the user could take on the site on behalf of the targeted user.

Further information on this exploit is available at : MS12-061

Affected Software

Microsoft Visual Studio Team Foundation Server 2010 Service Pack 1