<< Back
CVE Number Vulnerability Product Severity Date
MS12-066 Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517) Microsoft Office Important 10-10-2012

Technical Information

Brief overview of the risk:
This security update resolves a publicly disclosed vulnerability in Microsoft Office, Microsoft Communications Platforms, Microsoft Server software, and Microsoft Office Web Apps. The vulnerability could allow elevation of privilege if an attacker sends specially crafted content to a user.
Detailed Information on the risk:

An elevation of privilege vulnerability exists in the way that HTML strings are sanitized. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks and run script in the security context of the logged-on user.

Further information on this exploit is available at : MS12-066

Affected Software

Microsoft Office
Microsoft Communications Platforms
Microsoft Server software
Microsoft Office Web Apps