MS12-007: Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664)

Medium Nessus Plugin ID 57475


A library is installed on the remote host that is affected by an information disclosure vulnerability.


The remote Windows host is running a version of the Anti-Cross-Site Scripting Library (AntiXSS) that is affected by an information disclosure vulnerability.

An attacker could gain access to sensitive information if he could pass a malicious script to a website using the sanitization function of the Anti-Cross-Site Scripting Library.


Microsoft has released a new version of the AntiXSS Library.

See Also

Plugin Details

Severity: Medium

ID: 57475

File Name: smb_nt_ms12-007.nasl

Version: $Revision: 1.19 $

Type: local

Agent: windows

Published: 2012/01/10

Modified: 2017/07/26

Dependencies: 13855, 57033

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:anti-cross_site_scripting_library

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/01/10

Vulnerability Publication Date: 2012/01/10

Reference Information

CVE: CVE-2012-0007

BID: 51291

OSVDB: 78208

MSFT: MS12-007

IAVB: 2012-B-0003

MSKB: 2607664