<< Back
CVE Number Vulnerability Product Severity Date
MS12-062 Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528) Microsoft Systems Important 12-09-2012

Technical Information

Brief overview of the risk:
The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to persuade users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website.
Detailed Information on the risk:

A cross-site scripting (XSS) vulnerability exists in System Center Configuration Manager where code can be injected back to the user in the resulting page, effectively allowing attacker-controlled code to run in the context of the user clicking the link.

Further information on this exploit is available at : MS12-062

Affected Software

Microsoft Systems Management Server 2003 Service Pack 3
Microsoft System Center Configuration Manager 2007 Service Pack 2