Trend Micro Security

MS12-007:AntiXSS Library の脆弱性により、情報漏えいが起こる (2607664)

  危険度: :
  CVE識別番号: CVE-2012-0007

  概要

This security update resolves one privately reported vulnerability in the Microsoft Anti-Cross Site Scripting (AntiXSS) Library. The vulnerability could allow information disclosure if a an attacker passes a malicious script to a website using the sanitization function of the AntiXSS Library.

The consequences of the disclosure of that information depend on the nature of the information itself. Note that this vulnerability would not allow an attacker to execute code or to elevate the attacker's user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. Only sites that use the sanitization module of the AntiXSS Library are affected by this vulnerability.

  トレンドマイクロの対策

詳しい情報については以下のサイトをご参照ください。

  影響を受けるソフトウェア

  • Microsoft Anti-Cross Site Scripting Library V3.x and Microsoft Anti-Cross Site Scripting Library V4.0