MS12-066: Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by a privilege escalation vulnerability.

Description :

The version of Microsoft InfoPath, Communicator, Lync, SharePoint
Server, Groove Server, and/or Office Web Apps installed on the remote
host is potentially affected by a privilege escalation vulnerability
due to the way HTML strings are sanitized.

See also :

http://technet.microsoft.com/en-us/security/bulletin/ms12-066

Solution :

Microsoft has released a set of patches for InfoPath 2007, InfoPath
2010, Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, SharePoint
Server 2007, SharePoint Server 2010, Groove Server 2010, SharePoint
Services 3.0, SharePoint Foundation 2010, and Office Web Apps 2010.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 62461 ()

Bugtraq ID: 55797

CVE ID: CVE-2012-2520