Unrated severity · NVD Advisory · Published Jun 16, 2011 · Updated Apr 29, 2026

CVE-2011-1264

Description

Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting in Active Directory Certificate Services Web Enrollment allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.

Vulnerability

A cross-site scripting (XSS) vulnerability exists in the Active Directory Certificate Services Web Enrollment site on Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, R2, and R2 SP1. The flaw occurs because the site does not properly validate an unspecified input parameter, allowing an attacker to inject arbitrary web script or HTML [1].

Exploitation

An attacker must send a specially crafted link to a target user and convince them to click it. The attacker cannot force the user to visit the vulnerable site; instead, they must rely on social engineering, typically via email or instant messaging [1].

Impact

Successful exploitation enables the attacker to execute arbitrary commands in the security context of the target user, leading to elevation of privilege. This could result in disclosure of sensitive information, modification of data, or other malicious actions within the affected web application [1].

Mitigation

Microsoft released security update MS11-051 on June 14, 2011, which addresses the vulnerability by correcting input validation in the Web Enrollment site. Customers with automatic updating enabled will receive the update automatically; others should apply it manually. No workarounds are documented [1].

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*

References

2
