First published: Tue Oct 09 2012(Updated: )
Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Groove Management Server | =2010-sp1 | |
Microsoft InfoPath 2016 | =2007-sp2 | |
Microsoft InfoPath 2016 | =2010-sp1 | |
Microsoft Lync 2010 | =2010 | |
Microsoft Lync 2010 | =2010 | |
Microsoft Office Communicator | =2007-r2 | |
Microsoft Office Web Apps | =2010-sp1 | |
Microsoft SharePoint Foundation 2013 | =2010-sp1 | |
Microsoft SharePoint Server 2010 | =2007-sp2 | |
Microsoft SharePoint Server 2010 | =2007-sp3 | |
Microsoft SharePoint Server 2010 | =2010-sp1 | |
Microsoft SharePoint Services | =3.0-sp2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2012-2520 is classified as a high-severity cross-site scripting (XSS) vulnerability.
To address CVE-2012-2520, update the affected Microsoft software to the latest service packs or versions provided by Microsoft.
CVE-2012-2520 affects multiple Microsoft products including InfoPath, Communicator, Lync, SharePoint Server, and Office Web Apps.
Exploiting CVE-2012-2520 can allow attackers to execute arbitrary scripts in the context of a user's session.
There are no specific workarounds for CVE-2012-2520, and the best mitigation is to apply the available updates.