Active Directory Certificate Services Web Enrollment Elevation Of Privilege Vulnerability (2518295) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS11-051.

Impact

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/MS11-051.mspx

Insight

The flaw is caused by improper input validation of a request parameter on an Active Directory Certificate Services Web Enrollment site.

Affected

Active Directory Certificate Services, - Microsoft Windows 2K3 Service Pack 2 and prior - Microsoft Windows Server 2008 Service Pack 2 and prior

References

http://support.microsoft.com/kb/2518295
http://www.microsoft.com/technet/security/bulletin/MS11-051.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1264
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Microsoft FrontPage Information Disclosure Vulnerability (2825621)
Microsoft Windows Search Script Execution Vulnerability (963093)
IE VBScript Handling patch (Q318089)
Microsoft System Center Configuration Manager XSS Vulnerability (2741528)
Microsoft Windows Active Directory Denial of Service Vulnerability (2853587)

Active Directory Certificate Services Web Enrollment Elevation of Privilege Vulnerability (2518295)

Take action and discover your vulnerabilities