MS12-040 - Important : Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevatio

News

Extraordinary Robot
News Feed
#1
Severity Rating: Important
Revision Note: V1.0 (June 12, 2012): Bulletin published.
Summary: This security update resolves one privately reported vulnerability in Microsoft Dynamics AX Enterprise Portal. The vulnerability could allow elevation of privilege if a user clicks a specially crafted URL or visits a specially crafted website. In an email attack scenario, an attacker could exploit the vulnerability by sending an email message that contains the specially crafted URL to the user of the targeted Microsoft Dynamics AX Enterprise Portal site and by convincing the user to click the specially crafted URL. Internet Explorer 8 and Internet Explorer 9 users browsing to a Microsoft Dynamics AX Enterprise Portal site in the Internet Zone are at a reduced risk. By default, the XSS Filter in Internet Explorer 8 and Internet Explorer 9 prevents this attack in the Internet Zone. However, the XSS Filter in Internet Explorer 8 and Internet Explorer 9 is not enabled by default in the Intranet Zone.

More...
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.