CVE-2012-1858

Name: CVE-2012-1858
Creator: NVD / NIST
Published: 2012-06-12T22:55:01.547+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 22.02%

Last modified Jun 16, 2026

CVE-2012-1858 is a vulnerability of currently unknown severity. The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability.". EPSS estimates a 22.02% chance of exploitation in the next 30 days.

Description

The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."

Metrics

EPSS Probability

22.02%

97.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions	Update
Microsoft	Lync	2010	—
Microsoft	Office Communicator	2007	R2
Microsoft	Internet Explorer	8	—
Microsoft	Internet Explorer	9	—

References

Timeline

Published: Jun 12, 2012
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2012-1858?

How severe is CVE-2012-1858?

Severity scoring for CVE-2012-1858 is pending analysis. The EPSS model estimates a 22.02% probability of exploitation in the next 30 days.

How do I fix CVE-2012-1858?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-1858?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST