Oval Definition:oval:org.mitre.oval:def:12749
Revision Date:2012-03-26Version:11
Title:Active Directory Certificate Services Vulnerability
Description:Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2011-1264
Platform(s):Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s):
Definition Synopsis
  • Windows Server 2003 x86/x64 SP2, Windows Server 2008 x86/x64, Windows Server 2008 SP2 x86/x64, Windows Server 2008 R2 x64, Windows Server 2008 R2 x64 SP1
  • Microsoft Windows Server 2003 SP2 (x86) is installed
  • OR Microsoft Windows Server 2003 SP2 (x64) is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
  • AND the system is being used as Primary Domain Controller (DomainRole is 5)
  • AND Active Directory Certificate Services are enabled
  • AND NOT KB2518295 is installed
    • BACK