OVAL Reference oval:org.mitre.oval:def:15530

Oval Definition:

oval:org.mitre.oval:def:15530

Revision Date:	2014-12-08	Version:	73
Title:	HTML Sanitization Vulnerability - MS12-050
Description:	The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
Family:	windows	Class:	vulnerability
Status:	ACCEPTED	Reference(s):	CVE-2012-1858
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP	Product(s):	Microsoft Communicator 2007 R2 Microsoft Groove Server 2010 Microsoft InfoPath 2007 Microsoft InfoPath 2010 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Lync 2010 Microsoft Lync 2010 Attendee Microsoft SharePoint Foundation 2010 Microsoft SharePoint Server 2007 Microsoft SharePoint Server 2010 Microsoft SharePoint Services 3.0
Definition Synopsis
IE8 and XP/2K3 Microsoft Internet Explorer 8 is installed AND Win Vista / 2K8 Microsoft Windows XP (32-bit) is installed OR Microsoft Windows Server 2003 (32-bit) is installed OR Microsoft Windows Server 2003 (x64) is installed OR Microsoft Windows XP x64 is installed AND Check for LDR/GDR Check if the version of mshtml.dll is less than 8.0.6001.19258 OR Check for LDR Check for mshtml.dll version greater than or equal to 8.0.6001.23000 AND Check if the version of mshtml.dll is less than 8.0.6001.23345 OR IE8 and vista/2k8 Microsoft Internet Explorer 8 is installed AND Vista/2K8 Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed AND Check for LDR/GDR Check if the version of mshtml.dll is less than 8.0.6001.19272 OR Check for LDR Check for mshtml.dll version greater than or equal to 8.0.6001.23000 AND Check if the version of mshtml.dll is less than 8.0.6001.23359 OR IE9 and Vista/2K8/Win7/2008 R2 Vista/2K8/Win7/R2 Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 R2 x64 Edition is installed OR Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed OR Microsoft Windows 7 (32-bit) is installed OR Microsoft Windows 7 x64 Edition is installed AND Check for LDR/GDR Check if the version of mshtml.dll is less than 9.0.8112.16446 OR Check for LDR Check if the version of mshtml.dll is greater than or equal to 9.0.8112.20000 AND Check if the version of mshtml.dll is less than 9.0.8112.20551 AND Microsoft Internet Explorer 9 is installed OR IE 8 and Win7 / Win 2k8 R2 Microsoft Internet Explorer 8 is installed AND Win 7 / 2K8 R2 IE8 and Win 7/2K8 R2 Win 7 / Win 2K8 R2 Microsoft Windows 7 is installed OR Microsoft Windows Server 2008 R2 x64 Edition is installed OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Check for LDR/GDR Check if the version of mshtml.dll is less than 8.0.7600.17006 OR Win 7 / 2K8 R2 and IE8 Win 7 / Win 2K8 R2 Microsoft Windows Server 2008 R2 x64 Edition is installed OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed OR Microsoft Windows 7 (32-bit) is installed OR Microsoft Windows 7 x64 Edition is installed AND Check for LDR/GDR Check if the version of mshtml.dll is less than 8.0.7601.17824 OR Check for vulnerable communicator 2007 r2 Microsoft Communicator 2007 R2 is installed AND Check if version of Communicator.exe (Communicator 2007 R2) is less than 3.5.6907.253 OR Check for vulnerable lync 2010 Microsoft Lync 2010 is installed AND Check if version of Communicator.exe (Lync 2010) is less than 4.0.7577.4098 OR Check for vulnerable lync 2010 attendee (admin) Microsoft Lync 2010 Attendee (user level install) is installed AND Check if version of ogl.dll (Lync 2010 Attendee for admin) is less than 4.0.7577.4098 OR Check for vulnerable lync 2010 attendee (user) Microsoft Lync 2010 Attendee (admin level install) is installed AND Check if version of ogl.dll (Lync 2010 Attendee for user) is less than 4.0.7577.4098 OR infopath 2007/2010 infopath 2010/2007 sp2/sp3 Microsoft InfoPath 2007 Service Pack 2 is installed OR Microsoft InfoPath 2007 Service Pack 3 is installed AND infopath.exe or ipeditor.dll Check if the version of infopath.exe is less than 12.0.6661.5000 OR Check if the version of Ipeditor.dll is less than 12.0.6661.5000 OR sharepoint server 2007 sp2/sp3 sp2/sp3 Microsoft Office SharePoint Server 2007 SP2 is installed OR Microsoft Office SharePoint Server 2007 SP3 is installed AND Check if the version of Microsoft.sharepoint.publishing.dll is less than 12.0.6660.5000 OR sharepoint foundation 2010 sharepoint foundation 2010/sp1 Microsoft SharePoint Foundation 2010 Service Pack 1 is installed OR Microsoft Office SharePoint Server 2010 is installed. AND Check if the version of Onfda.dll is less than 14.0.6106.5000 OR groove server 2010 groove server/sp1 Microsoft Groove Server 2010 Service Pack 1 is installed OR Microsoft Groove Server 2010 is installed AND Check if the version of svrsetup.dll is less than 14.0.6120.5000 OR sharepoint server 2010 sharepoint server 2010/sp1 Microsoft SharePoint Server 2010 Service Pack 1 is installed OR Microsoft Office SharePoint Server 2010 is installed. AND Check if the version of Microsoft.office.server.native.dll is less than 14.0.6108.5000 OR infopath 2010 Microsoft InfoPath 2010 is installed AND infopath.exe or ipeditor.dll Check if the version of infopath.exe is less than 14.0.6120.5000 OR Check if the version of Ipeditor.dll is less than 14.0.6120.5000 OR sharepoint services 3.0 Check if the version of Onetutil.dll is less than 12.0.6661.5000 AND Microsoft Windows SharePoint Services 3.0 SP2 is installed

BACK