MS12-007: Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664)

medium Nessus Plugin ID 57475

Synopsis

A library is installed on the remote host that is affected by an information disclosure vulnerability.

Description

The remote Windows host is running a version of the Anti-Cross-Site Scripting Library (AntiXSS) that is affected by an information disclosure vulnerability.

An attacker could gain access to sensitive information if he could pass a malicious script to a website using the sanitization function of the Anti-Cross-Site Scripting Library.

Solution

Microsoft has released a new version of the AntiXSS Library.

See Also

https://www.securityfocus.com/archive/1/521307/30/0/threaded

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-007

Plugin Details

Severity: Medium

ID: 57475

File Name: smb_nt_ms12-007.nasl

Version: 1.23

Type: local

Agent: windows

Published: 1/10/2012

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:anti-cross_site_scripting_library

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/10/2012

Vulnerability Publication Date: 1/10/2012

Reference Information

CVE: CVE-2012-0007

BID: 51291

IAVB: 2012-B-0003

MSFT: MS12-007

MSKB: 2607664