ID de Prueba:	1.3.6.1.4.1.25623.1.0.902785
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft AntiXSS Library Information Disclosure Vulnerability (2607664)
Resumen:	This host is missing an important security update according to; Microsoft Bulletin MS12-007.
Descripción:	Summary: This host is missing an important security update according to Microsoft Bulletin MS12-007. Vulnerability Insight: The flaw is due to error in library which fails to properly filter HTML code from user-supplied input. A remote user may be able to exploit a target application that uses the library to cause arbitrary scripting code to be executed by the target user's browser. Vulnerability Impact: Successful exploitation could allow attackers to bypass the filter and conduct cross-site scripting attacks. Successful exploits may allow attackers to execute arbitrary script code and steal cookie-based authentication credentials. Affected Software/OS: - Microsoft Anti-Cross Site Scripting Library version 3.x - Microsoft Anti-Cross Site Scripting Library version 4.0 Solution: Upgrade to Microsoft Anti-Cross Site Scripting Library version 4.2.1 CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0007 BugTraq ID: 51291 http://www.securityfocus.com/bid/51291 Cert/CC Advisory: TA12-010A http://www.us-cert.gov/cas/techalerts/TA12-010A.html Microsoft Security Bulletin: MS12-007 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-007 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14314 http://www.securitytracker.com/id?1026499 http://secunia.com/advisories/47483 http://secunia.com/advisories/47516
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.