Trend Micro Security

MS11-051: Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)

  Severity:
  CVE Identifier: CVE-2011-1264

  Overview

This update resolves a privately reported vulnerability in Active Directory Certificate Services Web Enrollment. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. An attacker who successfully exploits this vulnerability would need to send a specially crafted link and convince a user to click the link. In all cases, however, an attacker would have no way to force a user to visit the website. Instead, an attacker would have to persuade a user to visit the website, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable website.

  Trend Micro Solutions

  Affected Software

  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1