VYPR
Unrated severity · NVD Advisory · Published Jan 10, 2012 · Updated Apr 29, 2026

CVE-2012-0007

Description

The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The Microsoft AntiXSS Library 3.x and 4.0 fails to properly handle CSS escaped characters, allowing XSS bypass via crafted HTML input.

Vulnerability

The Microsoft Anti-Cross Site Scripting (AntiXSS) Library versions 3.x and 4.0 contain a vulnerability in the sanitization module where it does not properly evaluate characters after detecting a Cascading Style Sheets (CSS) escaped character. This allows an attacker to bypass the library's XSS filtering by injecting specially crafted HTML input that includes a CSS escape sequence. Only websites that use the sanitization function of the AntiXSS Library are affected [1].

Exploitation

An attacker can exploit this vulnerability by sending a malicious script embedded in HTML input to a website that uses the affected AntiXSS Library for sanitization. The attacker does not require authentication or any special network position; the attack is remote and can be performed by any user who can submit data to the target site. The crafted input must include a CSS escaped character followed by additional characters that the library fails to evaluate, causing the sanitizer to incorrectly allow the malicious script to pass through [1].

Impact

Successful exploitation leads to cross-site scripting (XSS), which can result in information disclosure. The attacker may be able to steal sensitive data such as session tokens, cookies, or other information accessible in the context of the vulnerable website. The vulnerability does not allow direct code execution or privilege escalation, but the disclosed information could be used to further compromise the system [1][2].

Mitigation

Microsoft released security update MS12-007 on January 10, 2012, which upgrades the AntiXSS Library to a version that is not affected by this vulnerability. Customers are advised to apply the update at the earliest opportunity. No workarounds are documented for this vulnerability [1][2].

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • cpe:2.3:a:microsoft:anti-cross_site_scripting_library:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:anti-cross_site_scripting_library:4.0:*:*:*:*:*:*:*
  • (no CPE) range: 3.x, 4.0

References

7
