MS11-061: Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250)
Medium Nessus Plugin ID 55791
Synopsis
A web application running on the remote Windows host has a cross-site scripting vulnerability.
Description
The version of Remote Desktop Web Access running on the remote host has a reflected cross-site scripting vulnerability. Input to the 'ReturnUrl' parameter of login.aspx is not properly sanitized.
A remote attacker could exploit this by tricking a user into requesting a maliciously crafted URL, resulting in arbitrary script code execution.
Solution
Microsoft has released a patch for Windows 2008 R2.