Windows : Microsoft Bulletins : Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.902069

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554)

Zusammenfassung: This host is missing a critical security update according to; Microsoft Bulletin MS10-039.

Beschreibung: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS10-039.

Vulnerability Insight:
The flaws are due to:

- An error within the 'help.aspx' page, which could allow cross-site scripting
attacks

- An error in the way that the 'toStaticHTML' API sanitizes HTML on a SharePoint
site, which could allow cross-site scripting attacks

- An error when handling specially crafted requests sent to the Help page, which
could allow attackers to cause a denial of service

Vulnerability Impact:
Successful exploitation could allow attackers to attackers to gain knowledge
of sensitive information or cause a denial of service.

Affected Software/OS:
- Microsoft Office InfoPath 2003 Service Pack 3

- Microsoft Office InfoPath 2007 Service Pack 1/2

- Microsoft Office SharePoint Server 2007 Service Pack 2

- Microsoft Windows SharePoint Services 3.0 Service Pack 1/2

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-1257
BugTraq ID: 40409
http://www.securityfocus.com/bid/40409
Cert/CC Advisory: TA10-159B
http://www.us-cert.gov/cas/techalerts/TA10-159B.html
Microsoft Security Bulletin: MS10-035
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035
Microsoft Security Bulletin: MS10-039
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6677
XForce ISS Database: ie-tostatichtml-information-disclosure(58866)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58866
Common Vulnerability Exposure (CVE) ID: CVE-2010-1264
BugTraq ID: 40559
http://www.securityfocus.com/bid/40559
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7241

Copyright Copyright (C) 2010 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.902069
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554)
Zusammenfassung:	This host is missing a critical security update according to; Microsoft Bulletin MS10-039.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS10-039. Vulnerability Insight: The flaws are due to: - An error within the 'help.aspx' page, which could allow cross-site scripting attacks - An error in the way that the 'toStaticHTML' API sanitizes HTML on a SharePoint site, which could allow cross-site scripting attacks - An error when handling specially crafted requests sent to the Help page, which could allow attackers to cause a denial of service Vulnerability Impact: Successful exploitation could allow attackers to attackers to gain knowledge of sensitive information or cause a denial of service. Affected Software/OS: - Microsoft Office InfoPath 2003 Service Pack 3 - Microsoft Office InfoPath 2007 Service Pack 1/2 - Microsoft Office SharePoint Server 2007 Service Pack 2 - Microsoft Windows SharePoint Services 3.0 Service Pack 1/2 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1257 BugTraq ID: 40409 http://www.securityfocus.com/bid/40409 Cert/CC Advisory: TA10-159B http://www.us-cert.gov/cas/techalerts/TA10-159B.html Microsoft Security Bulletin: MS10-035 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035 Microsoft Security Bulletin: MS10-039 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6677 XForce ISS Database: ie-tostatichtml-information-disclosure(58866) https://exchange.xforce.ibmcloud.com/vulnerabilities/58866 Common Vulnerability Exposure (CVE) ID: CVE-2010-1264 BugTraq ID: 40559 http://www.securityfocus.com/bid/40559 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7241
Copyright	Copyright (C) 2010 Greenbone AG