First published: Thu Jun 16 2011(Updated: )
Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Internet Explorer | =7 | |
Any of | ||
Microsoft Windows Server 2003 | =sp2 | |
Microsoft Windows Server 2003 | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Vista | =sp1 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Windows Vista | =sp1 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Windows XP | =sp3 | |
Microsoft Windows XP | =sp2 | |
All of | ||
Internet Explorer | =8 | |
Any of | ||
Microsoft Windows Server 2003 | =sp2 | |
Microsoft Windows 7 | ||
Microsoft Windows 7 | ||
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Server | =r2 | |
Microsoft Windows Server | =r2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Vista | =sp1 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Windows Vista | =sp1 | |
Microsoft Windows XP | =sp3 | |
Microsoft Windows XP | =sp2 | |
Internet Explorer | =7 | |
Microsoft Windows Server 2003 | =sp2 | |
Microsoft Windows Server 2003 | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Vista | =sp1 | |
Microsoft Windows Vista | =sp1 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Windows Vista | =sp1 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Windows XP | =sp3 | |
Microsoft Windows XP | =sp2 | |
Internet Explorer | =8 | |
Microsoft Windows 7 | ||
Microsoft Windows 7 | ||
Microsoft Windows Server | =r2 | |
Microsoft Windows Server | =r2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2011-1252 is classified as a moderate severity vulnerability due to its potential impact on web application security.
To fix CVE-2011-1252, ensure that you update Microsoft Internet Explorer to the latest version, along with any applicable security patches.
CVE-2011-1252 affects multiple versions of Microsoft Internet Explorer, specifically versions 7 and 8, and various SharePoint and server products.
CVE-2011-1252 is a cross-site scripting (XSS) vulnerability, which can allow attackers to execute arbitrary scripts in the context of a user's browser.
While using a different browser may reduce exposure to CVE-2011-1252, it is still recommended to address the vulnerability by updating affected software.