MS12-066: Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)

medium Nessus Plugin ID 62461

Synopsis

The remote host is affected by a privilege escalation vulnerability.

Description

The version of Microsoft InfoPath, Communicator, Lync, SharePoint Server, Groove Server, and/or Office Web Apps installed on the remote host is potentially affected by a privilege escalation vulnerability due to the way HTML strings are sanitized.

Solution

Microsoft has released a set of patches for InfoPath 2007, InfoPath 2010, Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, SharePoint Server 2007, SharePoint Server 2010, Groove Server 2010, SharePoint Services 3.0, SharePoint Foundation 2010, and Office Web Apps 2010.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-066

Plugin Details

Severity: Medium

ID: 62461

File Name: smb_nt_ms12-066.nasl

Version: 1.19

Type: local

Agent: windows

Published: 10/10/2012

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:groove, cpe:/a:microsoft:infopath, cpe:/a:microsoft:lync, cpe:/a:microsoft:office_web_apps, cpe:/a:microsoft:sharepoint_server, cpe:/a:microsoft:sharepoint_services, cpe:/a:microsoft:sharepoint_foundation

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 10/9/2012

Vulnerability Publication Date: 10/9/2012

Reference Information

CVE: CVE-2012-2520

BID: 55797