CVE-2012-1858

Published: 12/06/2012 Updated: 07/12/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote malicious users to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."

Vulnerable Product

microsoft lync 2010

microsoft office communicator 2007

microsoft internet_explorer 8

microsoft internet_explorer 9

Exploits

toStaticHTML: The Second Encounter (CVE-2012-1858)
HTML Sanitizing Bypass - CVE-2012-1858 <www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1858>
Original advisory - blog.watchfire.com/wfblog/2012/07/tostatichtml-the-second-encounter-cve-2012-1858-html-sanitizing-information-disclosure-introduction-t.html
Introduction Th ...

The *toStaticHTML* component, which is found in Internet Explorer versions greater than 8, SharePoint and Lync, is used to sanitize HTML fragments from dynamic and potentially malicious content. An attacker is able to create a specially formed CSS that will overcome *toStaticHTML*'s security logic; therefore, after passing the specially crafted CSS ...