MS11-051:Active Directory 証明書サービスの Web 登録の脆弱性により、特権が昇格される (2518295)
2011年6月16日
危険度: : 高
CVE識別番号: CVE-2011-1264
概要
This update resolves a privately reported vulnerability in Active Directory Certificate Services Web Enrollment. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. An attacker who successfully exploits this vulnerability would need to send a specially crafted link and convince a user to click the link. In all cases, however, an attacker would have no way to force a user to visit the website. Instead, an attacker would have to persuade a user to visit the website, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable website.
トレンドマイクロの対策
影響を受けるソフトウェア
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1