(MS12-061) Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privilege (2719584)
Publish date: 12 de septiembre de 2012
Gravedad: High
Identificadores de CVE : CVE-2012-1892
Fecha recomendada: 12 de septiembre de 2012
Descripción
This patch resolves a cross-site scripting (XSS) vulnerability found in Visual Studio Team Foundation Server. When exploited, an attacker can use the vulnerability to inject a script to a browser using Team Foundation Server web access. Attackers looking to exploit this vulnerability may set up a page where it hosts the exploit code and entice users to click on a link that redirects to the page.
Internet Explorer 8 and 9 users must enable the XSS Filter feature to be actively protected against attacks using this vulnerability.
Soluciones
Software y versión afectados
- Microsoft Visual Studio Team Foundation Server 2010 Service Pack 1