CVE-2011-1252: XSS
First published: Thu Jun 16 2011(Updated: )
Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Internet Explorer | =7 | |
| Any of | ||
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2 | |
| All of | ||
| Internet Explorer | =8 | |
| Any of | ||
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows 7 | ||
| Microsoft Windows 7 | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2 | |
| Internet Explorer | =7 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2 | |
| Internet Explorer | =8 | |
| Microsoft Windows 7 | ||
| Microsoft Windows 7 | ||
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =r2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.us-cert.gov/cas/techalerts/TA11-256A.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12885
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12577
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050
Frequently Asked Questions
What is the severity of CVE-2011-1252?
CVE-2011-1252 is classified as a moderate severity vulnerability due to its potential impact on web application security.
How do I fix CVE-2011-1252?
To fix CVE-2011-1252, ensure that you update Microsoft Internet Explorer to the latest version, along with any applicable security patches.
What systems are affected by CVE-2011-1252?
CVE-2011-1252 affects multiple versions of Microsoft Internet Explorer, specifically versions 7 and 8, and various SharePoint and server products.
What type of vulnerability is CVE-2011-1252?
CVE-2011-1252 is a cross-site scripting (XSS) vulnerability, which can allow attackers to execute arbitrary scripts in the context of a user's browser.
Can I use a different browser to avoid CVE-2011-1252?
While using a different browser may reduce exposure to CVE-2011-1252, it is still recommended to address the vulnerability by updating affected software.
- collector/nvd-historical
- agent/type
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/internet explorer
- version/internet explorer/7
- canonical/microsoft windows server 2003
- version/microsoft windows server 2003/sp2
- canonical/microsoft windows server
- version/microsoft windows server/sp2
- canonical/microsoft windows vista
- version/microsoft windows vista/sp1
- version/microsoft windows vista/sp2
- canonical/microsoft windows xp
- version/microsoft windows xp/sp3
- version/microsoft windows xp/sp2
- version/internet explorer/8
- canonical/microsoft windows 7
- version/microsoft windows server/r2