(MS12-040) Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)

• Email
• Facebook
• Twitter
• Google+
• Linkedin

  Severity: HIGH

  CVE Identifier: CVE-2012-1857

  Advisory Date: JUN 13, 2012

---

  DESCRIPTION

A cross-site scripting vulnerability in Microsoft Dynamics AX Enterprise Portal exists that may allow an attacker to gain an elevation of privilege on a vulnerable system. The attacker must lure a potential victim to click on a specially crafted URL that hosts an exploit to the said vulnerability.

  SOLUTION

  PATCH: http://technet.microsoft.com/en-us/security/bulletin/ms12-040

  AFFECTED SOFTWARE AND VERSION

• Microsoft Dynamics AX 2012

Related Vulnerability

• June 2012 - Microsoft Releases 7 Security Advisories