Title

Microsoft Visual Studio Team Foundation Server Cross Site Scripting Vulnerability (MS12-061) (Cat II impact)

Discussion

Microsoft has released a security bulletin addressing a vulnerability in Microsoft Visual Studio Team Foundation Server. To exploit this vulnerability, an attacker would entice a user of an affected system to open a malicious link hosted on a web page or sent via email. If successfully exploited, this vulnerability would allow an attacker to execute arbitrary code and compromise the affected system.

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft bulletin MS12-061 (2719584) Vulnerable Applications/Systems: Visual Studio Team Foundation Server 2010 SP1 Verify the patch has been installed by checking that the following sample files are at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Applications/Systems not listed below. Microsoft.TeamFoundation.WebAccess.dll Visual Studio Team Foundation Server 2010 SP1 - 10.0.40219.417

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-33787

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.