MS12-040: Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)

Issued: 12 JUN 2012

Internet Security Systems Guidance

This bulletin addressed a single vulnerability in Microsoft Dynamics AX Enterprise Portal that could allow a cross-site scripting attack in which JavaScript is injected into a Portal variable.

Coverage: Cross_Site_Scripting
Related CVEs: CVE-2012-1857
Coverage Date: 11 NOV 2008
Exploit Dates: N/A
Content Update Versions:
    BlackICE Server Protection 3.6.crk
    IBM Security Host Protection for Desktops 2310
    IBM Security Host Protection for Servers (Unix) 2.2.2
    IBM Security Host Protection for Servers (Windows) 1.0.914.2310
    IBM Security Host Protection for Servers (Windows) 2.0.300.2310
    IBM Security Host Protection for Servers (Windows) 2.1.14.2400
    Proventia Network IDS XPU 28.170
    Proventia Network IPS XPU 28.170
    Proventia Network MFS XPU 28.170
    Proventia Server IPS for Linux technology 28.170
    Proventia-G 1.1 and earlier XPU 28.170
    RealSecure Network XPU 28.170
    RealSecure Server Sensor XPU 28.170
    Virtual Server Protection for VMware 1.0

Coverage: win-ms12kb2709100-update
Related CVEs: CVE-2012-1857
Coverage Date: 13 JUN 2012
Exploit Dates: N/A
Content Update Versions:
    Enterprise Scanner 1.94

References

Microsoft: http://technet.microsoft.com/en-us/security/bulletin/ms12-040
X-Force Database: http://xforce.iss.net/xforce/xfdb/75925
X-Force Database: http://xforce.iss.net/xforce/xfdb/75926