|MS13-003||Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552)||Microsoft System||Important||09-01-2013|
Brief overview of the risk:
This security update resolves two privately reported vulnerabilities in Microsoft System Center Operations Manager. The vulnerabilities could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the affected website.
Detailed Information on the risk:
A cross-site scripting (XSS) vulnerability exists in System Center Operations Manager that could allow specially crafted script code to run under the guise of the server. This is a non-persistent cross-site scripting vulnerability that could allow an attacker to issue commands to the System Center Operations Manager server in the context of the targeted user.
Further information on this exploit is available at : MS13-003
Affected SoftwareMicrosoft System Center Operations Manager 2007 Service Pack 1
Microsoft System Center Operations Manager 2007 R2