MS15-087 Vulnerability in UDDI Services Could Allow Elevation of Privilege
2015-08-11 This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker engineered a cross-site scripting (XSS) scenario by inserting a malicious script into a webpage search parameter. A user would have to visit a specially crafted webpage where the malicious script would then be executed.
Vulnerabilities addressed in this bulletin:
Bulletin details at Microsoft.com
Vulnerabilities addressed in this bulletin:
- UDDI Services Elevation of Privilege Vulnerability
- An elevation of privilege exists in Microsoft Windows when the Universal Description, Discovery, and Integration (UDDI) Services improperly validate or sanitize the search parameter in a FRAME tag. An attacker who successfully exploited this vulnerability could leak authorization cookies or unexpectedly redirect a user to a malicious webpage.
CVE-2015-2475
Bulletin details at Microsoft.com
Related CVE Entries
Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in the UDDI Services component in Microsoft Windows Server 2008 SP2 and BizTalk Server 2010, 2013 Gold, and 2013 R2 allows remote attackers to inject arbitrary web script or HTML via the search parameter, aka "UDDI Services Elevation of Privilege Vulnerability."
Max CVSS
4.3
EPSS Score
7.21%
Published
2015-08-15
Updated
2018-10-12