Windows : Microsoft Bulletins : Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902069

Categoría: Windows : Microsoft Bulletins

Título: Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554)

Resumen: This host is missing a critical security update according to; Microsoft Bulletin MS10-039.

Descripción: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS10-039.

Vulnerability Insight:
The flaws are due to:

- An error within the 'help.aspx' page, which could allow cross-site scripting
attacks

- An error in the way that the 'toStaticHTML' API sanitizes HTML on a SharePoint
site, which could allow cross-site scripting attacks

- An error when handling specially crafted requests sent to the Help page, which
could allow attackers to cause a denial of service

Vulnerability Impact:
Successful exploitation could allow attackers to attackers to gain knowledge
of sensitive information or cause a denial of service.

Affected Software/OS:
- Microsoft Office InfoPath 2003 Service Pack 3

- Microsoft Office InfoPath 2007 Service Pack 1/2

- Microsoft Office SharePoint Server 2007 Service Pack 2

- Microsoft Windows SharePoint Services 3.0 Service Pack 1/2

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-1257
BugTraq ID: 40409
http://www.securityfocus.com/bid/40409
Cert/CC Advisory: TA10-159B
http://www.us-cert.gov/cas/techalerts/TA10-159B.html
Microsoft Security Bulletin: MS10-035
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035
Microsoft Security Bulletin: MS10-039
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6677
XForce ISS Database: ie-tostatichtml-information-disclosure(58866)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58866
Common Vulnerability Exposure (CVE) ID: CVE-2010-1264
BugTraq ID: 40559
http://www.securityfocus.com/bid/40559
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7241

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902069
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS10-039.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS10-039. Vulnerability Insight: The flaws are due to: - An error within the 'help.aspx' page, which could allow cross-site scripting attacks - An error in the way that the 'toStaticHTML' API sanitizes HTML on a SharePoint site, which could allow cross-site scripting attacks - An error when handling specially crafted requests sent to the Help page, which could allow attackers to cause a denial of service Vulnerability Impact: Successful exploitation could allow attackers to attackers to gain knowledge of sensitive information or cause a denial of service. Affected Software/OS: - Microsoft Office InfoPath 2003 Service Pack 3 - Microsoft Office InfoPath 2007 Service Pack 1/2 - Microsoft Office SharePoint Server 2007 Service Pack 2 - Microsoft Windows SharePoint Services 3.0 Service Pack 1/2 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1257 BugTraq ID: 40409 http://www.securityfocus.com/bid/40409 Cert/CC Advisory: TA10-159B http://www.us-cert.gov/cas/techalerts/TA10-159B.html Microsoft Security Bulletin: MS10-035 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035 Microsoft Security Bulletin: MS10-039 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6677 XForce ISS Database: ie-tostatichtml-information-disclosure(58866) https://exchange.xforce.ibmcloud.com/vulnerabilities/58866 Common Vulnerability Exposure (CVE) ID: CVE-2010-1264 BugTraq ID: 40559 http://www.securityfocus.com/bid/40559 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7241
Copyright	Copyright (C) 2010 Greenbone AG