MS12-007 - Important : Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664)

Discussion in 'Security Alerts' started by News, Jan 10, 2012.

  1. News

    News Extraordinary Robot
    News Feed

    Jun 27, 2006
    Likes Received:
    Severity Rating: Important
    Revision Note: V1.0 (January 10, 2012): Bulletin published.
    Summary: This security update resolves one privately reported vulnerability in the Microsoft Anti-Cross Site Scripting (AntiXSS) Library. The vulnerability could allow information disclosure if an attacker passes a malicious script to a website using the sanitization function of the AntiXSS Library. The consequences of the disclosure of that information depends on the nature of the information itself. Note that this vulnerability would not allow an attacker to execute code or to elevate the attacker's user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. Only sites that use the sanitization module of the AntiXSS Library are affected by this vulnerability.


Share This Page