Windows : Microsoft Bulletins : Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902625

Categoría: Windows : Microsoft Bulletins

Título: Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)

Resumen: This host is missing an important security update according to; Microsoft Bulletin MS11-074.

Descripción: Summary:
This host is missing an important security update according to
Microsoft Bulletin MS11-074.

Vulnerability Insight:
Multiple flaws are due to the way Microsoft SharePoint validates and
sanitizes user input, parses malicious XML and XSL files and handles
script contained inside of specific request parameter.

Vulnerability Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code on the system with elevated privileges via a specially crafted URL or
or a crafted Web site.

Affected Software/OS:
- Microsoft Windows SharePoint Services 2.0

- Microsoft Groove 2007 Service Pack 2 and prior

- Microsoft Office SharePoint Server 2007 Service Pack 2

- Microsoft Windows SharePoint Services 3.0 Service Pack 2

- Microsoft Office SharePoint Workspace 2010 Service Pack 1 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-0653
Cert/CC Advisory: TA11-256A
http://www.us-cert.gov/cas/techalerts/TA11-256A.html
Microsoft Security Bulletin: MS11-074
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12835
Common Vulnerability Exposure (CVE) ID: CVE-2011-1252
Microsoft Security Bulletin: MS11-050
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12577
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12885
Common Vulnerability Exposure (CVE) ID: CVE-2011-1890
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12788
Common Vulnerability Exposure (CVE) ID: CVE-2011-1891
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12864
Common Vulnerability Exposure (CVE) ID: CVE-2011-1892
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907
http://securityreason.com/securityalert/8386
Common Vulnerability Exposure (CVE) ID: CVE-2011-1893
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902625
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)
Resumen:	This host is missing an important security update according to; Microsoft Bulletin MS11-074.
Descripción:	Summary: This host is missing an important security update according to Microsoft Bulletin MS11-074. Vulnerability Insight: Multiple flaws are due to the way Microsoft SharePoint validates and sanitizes user input, parses malicious XML and XSL files and handles script contained inside of specific request parameter. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary code on the system with elevated privileges via a specially crafted URL or or a crafted Web site. Affected Software/OS: - Microsoft Windows SharePoint Services 2.0 - Microsoft Groove 2007 Service Pack 2 and prior - Microsoft Office SharePoint Server 2007 Service Pack 2 - Microsoft Windows SharePoint Services 3.0 Service Pack 2 - Microsoft Office SharePoint Workspace 2010 Service Pack 1 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0653 Cert/CC Advisory: TA11-256A http://www.us-cert.gov/cas/techalerts/TA11-256A.html Microsoft Security Bulletin: MS11-074 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12835 Common Vulnerability Exposure (CVE) ID: CVE-2011-1252 Microsoft Security Bulletin: MS11-050 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12577 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12885 Common Vulnerability Exposure (CVE) ID: CVE-2011-1890 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12788 Common Vulnerability Exposure (CVE) ID: CVE-2011-1891 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12864 Common Vulnerability Exposure (CVE) ID: CVE-2011-1892 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907 http://securityreason.com/securityalert/8386 Common Vulnerability Exposure (CVE) ID: CVE-2011-1893 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676
Copyright	Copyright (C) 2011 Greenbone AG