MS12-062 Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege
2012-09-11 This security update resolves a privately reported vulnerability in Microsoft System Center Configuration Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to persuade users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.
Vulnerabilities addressed in this bulletin:
Bulletin details at Microsoft.com
Vulnerabilities addressed in this bulletin:
- Reflected XSS Vulnerability
- A cross-site scripting (XSS) vulnerability exists in System Center Configuration Manager where code can be injected back to the user in the resulting page, effectively allowing attacker-controlled code to run in the context of the user clicking the link.
CVE-2012-2536
Bulletin details at Microsoft.com
Related CVE Entries
Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
Max CVSS
4.3
EPSS Score
95.43%
Published
2012-09-11
Updated
2018-10-12