Cross-Site Scripting Vulnerability in Microsoft Internet Explorer and Lync
CVE-2012-1858

Currently unrated

Key Information:

Vendor: Microsoft
Status: Lync; Office Communicator
Vendor: CVE Published:; 12 June 2012

Summary

The SafeHTML component in Microsoft Internet Explorer and its related products does not adequately sanitize user input, particularly in handling event attributes and scripts. This oversight can be exploited by attackers to execute malicious scripts through crafted HTML documents, leading to potential unauthorized access or data manipulation. Users are advised to apply security updates to mitigate this vulnerability and protect against such XSS attacks.

References

http://www.us-cert.gov/cas/techalerts/TA12-192A.html

third-party-advisoryx_refsource_CERT

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.us-cert.gov/cas/techalerts/TA12-164A.html

third-party-advisoryx_refsource_CERT

EPSS Score

67% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 12, 2012
Vulnerability Reserved
Mar 22, 2012