CVE-2012-1858

Currently unrated

Key Information:

Vendor: Microsoft
Status: Lync; Office Communicator
Vendor: CVE Published:; 12 June 2012

Summary

The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."

References

http://www.us-cert.gov/cas/techalerts/TA12-192A.html

third-party-advisoryx_refsource_CERT

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.us-cert.gov/cas/techalerts/TA12-164A.html

third-party-advisoryx_refsource_CERT

EPSS Score

90% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 12, 2012
Vulnerability Reserved
Mar 22, 2012

Collectors

NVD DatabaseMitre Database