Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft SharePoint multiple security vulnerabilities
Published:09.06.2010
Source:
SecurityVulns ID:10915
Type:remote
Threat Level:
6/10
Description:Crossite scripting, information leak, DoS.
Affected:MICROSOFT : SharePoint Server 2007
 MICROSOFT : InfoPath 2003
 MICROSOFT : InfoPath 2007
 MICROSOFT : SharePoint Services 3.0
CVE:CVE-2010-1264 (Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeated restarts of the application pool, aka "Sharepoint Help Page Denial of Service Vulnerability.")
 CVE-2010-1257 (Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.)
 CVE-2010-0817 (Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.)
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS10-039 - Important Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554) (09.06.2010)
Files:Microsoft Security Bulletin MS10-039 - Important Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod