CVE-2012-1858

CVE Database · CVE-2012-1858

CVE-2012-1858

· N/AModified

CVSS v3.1

N/A

EPSS

22.02%

Published

Jun 12, 2012

Modified

Apr 28, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft Internet Explorer 9 / SharePoint / Lync - toStaticHTML HTML Sanitizing Bypass (MS12-037/MS12-039/MS12-050)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."

Weaknesses (CWE)

CWE-200

Affected Products (30)

microsoft · lyncvulnerable

microsoft · office_communicatorvulnerable

microsoft · internet_explorervulnerable

microsoft · windows_2003_server

microsoft · windows_7

microsoft · windows_server_2003

microsoft · windows_server_2008