(MS12-040) Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)

  Severity: HIGH
  CVE Identifier: CVE-2012-1857
  Advisory Date: JUN 13, 2012

  DESCRIPTION

A cross-site scripting vulnerability in Microsoft Dynamics AX Enterprise Portal exists that may allow an attacker to gain an elevation of privilege on a vulnerable system. The attacker must lure a potential victim to click on a specially crafted URL that hosts an exploit to the said vulnerability.

  SOLUTION

  AFFECTED SOFTWARE AND VERSION

  • Microsoft Dynamics AX 2012