CVE-2012-1858
CVE-2012-1858
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/19777unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15530http://www.us-cert.gov/cas/techalerts/TA12-164A.htmlhttp://www.us-cert.gov/cas/techalerts/TA12-192A.html