Windows : Microsoft Bulletins : Microsoft SharePoint Multiple Privilege Elevation Vulnerabilities (2695502)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902847

Categoría: Windows : Microsoft Bulletins

Título: Microsoft SharePoint Multiple Privilege Elevation Vulnerabilities (2695502)

Resumen: This host is missing an important security update according to; Microsoft Bulletin MS12-050.

Descripción: Summary:
This host is missing an important security update according to
Microsoft Bulletin MS12-050.

Vulnerability Insight:
- Certain input is not properly sanitised in the 'SafeHTML' API before being
returned to the user.

- Certain unspecified input is not properly sanitised in scriptresx.ashx
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context of
an affected site.

- An error when validating search scope permissions can be exploited to view
or modify another user's search scope.

- Certain unspecified input associated with a username is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.

- Certain unspecified input associated with a URL is not properly verified
before being used to redirect users. This can be exploited to redirect a
user to an arbitrary website.

- Certain unspecified input associated with a reflected list parameter is
not properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's browser
session in context of an affected site.

Vulnerability Impact:
Successful exploitation could allow an attacker to bypass certain security
restrictions and conduct cross-site scripting and spoofing attacks.

Affected Software/OS:
- Microsoft InfoPath 2010

- Microsoft Groove Server 2010

- Microsoft Office Web Apps 2010

- Microsoft SharePoint Server 2010

- Microsoft SharePoint Foundation 2010

- Microsoft InfoPath 2007 Service Pack 2

- Microsoft InfoPath 2007 Service Pack 3

- Microsoft InfoPath 2010 Service Pack 1

- Microsoft Groove Server 2010 Service Pack 1

- Microsoft Office Web Apps 2010 Service Pack 1

- Microsoft SharePoint Server 2010 Service Pack 1

- Microsoft SharePoint Foundation 2010 Service Pack 1

- Microsoft Office SharePoint Server 2007 Service Pack 2

- Microsoft Office SharePoint Server 2007 Service Pack 3

- Microsoft Windows SharePoint Services 3.0 Service Pack 2

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-1858
Cert/CC Advisory: TA12-164A
http://www.us-cert.gov/cas/techalerts/TA12-164A.html
Cert/CC Advisory: TA12-192A
http://www.us-cert.gov/cas/techalerts/TA12-192A.html
Microsoft Security Bulletin: MS12-037
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037
Microsoft Security Bulletin: MS12-039
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039
Microsoft Security Bulletin: MS12-050
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15530
Common Vulnerability Exposure (CVE) ID: CVE-2012-1859
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15589
Common Vulnerability Exposure (CVE) ID: CVE-2012-1860
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15265
Common Vulnerability Exposure (CVE) ID: CVE-2012-1861
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15544
Common Vulnerability Exposure (CVE) ID: CVE-2012-1862
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15657
Common Vulnerability Exposure (CVE) ID: CVE-2012-1863
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15689

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902847
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft SharePoint Multiple Privilege Elevation Vulnerabilities (2695502)
Resumen:	This host is missing an important security update according to; Microsoft Bulletin MS12-050.
Descripción:	Summary: This host is missing an important security update according to Microsoft Bulletin MS12-050. Vulnerability Insight: - Certain input is not properly sanitised in the 'SafeHTML' API before being returned to the user. - Certain unspecified input is not properly sanitised in scriptresx.ashx before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. - An error when validating search scope permissions can be exploited to view or modify another user's search scope. - Certain unspecified input associated with a username is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. - Certain unspecified input associated with a URL is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website. - Certain unspecified input associated with a reflected list parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Vulnerability Impact: Successful exploitation could allow an attacker to bypass certain security restrictions and conduct cross-site scripting and spoofing attacks. Affected Software/OS: - Microsoft InfoPath 2010 - Microsoft Groove Server 2010 - Microsoft Office Web Apps 2010 - Microsoft SharePoint Server 2010 - Microsoft SharePoint Foundation 2010 - Microsoft InfoPath 2007 Service Pack 2 - Microsoft InfoPath 2007 Service Pack 3 - Microsoft InfoPath 2010 Service Pack 1 - Microsoft Groove Server 2010 Service Pack 1 - Microsoft Office Web Apps 2010 Service Pack 1 - Microsoft SharePoint Server 2010 Service Pack 1 - Microsoft SharePoint Foundation 2010 Service Pack 1 - Microsoft Office SharePoint Server 2007 Service Pack 2 - Microsoft Office SharePoint Server 2007 Service Pack 3 - Microsoft Windows SharePoint Services 3.0 Service Pack 2 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1858 Cert/CC Advisory: TA12-164A http://www.us-cert.gov/cas/techalerts/TA12-164A.html Cert/CC Advisory: TA12-192A http://www.us-cert.gov/cas/techalerts/TA12-192A.html Microsoft Security Bulletin: MS12-037 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037 Microsoft Security Bulletin: MS12-039 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039 Microsoft Security Bulletin: MS12-050 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15530 Common Vulnerability Exposure (CVE) ID: CVE-2012-1859 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15589 Common Vulnerability Exposure (CVE) ID: CVE-2012-1860 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15265 Common Vulnerability Exposure (CVE) ID: CVE-2012-1861 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15544 Common Vulnerability Exposure (CVE) ID: CVE-2012-1862 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15657 Common Vulnerability Exposure (CVE) ID: CVE-2012-1863 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15689
Copyright	Copyright (C) 2012 Greenbone AG