MS11-051: Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)
Medium Nessus Plugin ID 55131
Synopsis: The remote Windows host has an ASP application with a cross-site scripting vulnerability.
Description: A reflected (or non-persistent) cross-site scripting vulnerability exists in the version of Active Directory Certificate Services Web Enrollment installed on the remote Windows host due to improper validation of a request parameter.
By using a specially crafted link, an attacker could leverage the vulnerability to gain elevated privileges and execute arbitrary commands in the context of the target user.
Solution: Microsoft has released a set of patches for Windows XP, 2003, 2008, and 2008 R2.