Signature Detail

HTTP: Microsoft Internet Explorer HTML Sanitization Vulnerability

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.

Extended Description

Microsoft Internet Explorer and Microsoft Lync are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.

Affected Products

• Microsoft Groove Server 2010 SP1
• Microsoft Groove Server 2010
• Microsoft InfoPath 2007 SP3
• Microsoft InfoPath 2010 (32-bit editions)
• Microsoft InfoPath 2010 (64-bit editions)
• Microsoft InfoPath 2010 SP1 (32-bit editions)
• Microsoft InfoPath 2007 SP2
• Microsoft Internet Explorer 8
• Microsoft Internet Explorer 9
• Microsoft Lync 2010
• Microsoft Lync 2010 Attendant (32-bit)
• Microsoft Lync 2010 Attendant (64-bit)
• Microsoft Lync 2010 Attendee
• Microsoft Office Communicator 2007 R2
• Microsoft Office SharePoint Server 2007 SP2
• Microsoft Office SharePoint Server 2007 SP2 (64-bit)
• Microsoft Office SharePoint Server 2007 SP3
• Microsoft Office SharePoint Server 2007 SP3 (64-bit)
• Microsoft Office Web Apps 2010 SP1
• Microsoft Office Web Apps 2010
• Microsoft SharePoint Foundation 2010 SP1
• Microsoft SharePoint Foundation 2010
• Microsoft SharePoint Server 2010 SP1
• Microsoft SharePoint Server 2010 Enterprise Edition
• Microsoft SharePoint Server 2010 Standard Edition
• Microsoft Windows SharePoint Services 3.0 SP2

References

• BugTraq: 53842
• CVE: CVE-2012-1858
• CVE: CVE-2012-2520