This host is missing an important security update according to Microsoft Bulletin MS12-007.
Successful exploitation could allow attackers to bypass the filter and conduct cross-site scripting attacks. Successful exploits may allow attackers to execute arbitrary script code and steal cookie-based authentication credentials. Impact Level: Application
Upgrade to Microsoft Anti-Cross Site Scripting Library version 4.2.1 For updates refer to http://technet.microsoft.com/en-us/security/bulletin/ms12-007
The flaw is due to error in library which fails to properly filter HTML code from user-supplied input. A remote user may be able to exploit a target application that uses the library to cause arbitrary scripting code to be executed by the target user's browser.
Microsoft Anti-Cross Site Scripting Library version 3.x Microsoft Anti-Cross Site Scripting Library version 4.0
- Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability (2754849)
- Microsoft Windows Defender Privilege Elevation Vulnerability (2847927)
- Microsoft Windows 'HTTP.sys' Denial of Service Vulnerability (2829254)
- Microsoft Windows Local Procedure Call Local Privilege Escalation Vulnerability (2898715)
- Microsoft SharePoint SafeHTML Information Disclosure Vulnerabilities (2412048)