Jump to content

MS12-040 - Important : Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevatio

Featured Replies

Posted
  • FPCH Admin

Severity Rating: Important

Revision Note: V1.0 (June 12, 2012): Bulletin published.

Summary: This security update resolves one privately reported vulnerability in Microsoft Dynamics AX Enterprise Portal. The vulnerability could allow elevation of privilege if a user clicks a specially crafted URL or visits a specially crafted website. In an email attack scenario, an attacker could exploit the vulnerability by sending an email message that contains the specially crafted URL to the user of the targeted Microsoft Dynamics AX Enterprise Portal site and by convincing the user to click the specially crafted URL. Internet Explorer 8 and Internet Explorer 9 users browsing to a Microsoft Dynamics AX Enterprise Portal site in the Internet Zone are at a reduced risk. By default, the XSS Filter in Internet Explorer 8 and Internet Explorer 9 prevents this attack in the Internet Zone. However, the XSS Filter in Internet Explorer 8 and Internet Explorer 9 is not enabled by default in the Intranet Zone.

 

View this security bulletin

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...