

Vulnerability protection

Microsoft SharePoint vulnerabilities could allow escalation of privilege


Report ID: MS201207008
Date Published: 16 July 2012

Criticality: Important
Compromise Type: information-disclosure, cross-site-scripting
Compromise From: remote


Affected Product/Component:

Microsoft InfoPath 2007
Microsoft InfoPath 2010
Microsoft Office SharePoint Server 2007
Microsoft Groove Server 2010
Microsoft Windows SharePoint Services 3.0
Microsoft SharePoint Foundation 2010
Microsoft Office Web Apps 2010




Summary

Six vulnerabilities identified in Microsoft SharePoint and Windows SharePoint Services could lead to information disclosure and cross-site scripting attacks.



Detailed Description

Microsoft has released a security update to address multiple vulnerabilities involving SharePoint services. Six vulnerabilities were identified: three lead to cross-site scripting, two lead to information disclosure, and one leads to spoofing. They were caused by several factors, such as incorrect sanitization of HTML strings, improper handling of JavaScript elements, improper validation of URLs, and improper validation of search scope permissions.

All of the identified issues have been resolved by making necessary corrections and modifications. Users are advised to install the latest update on their systems as a protection measure against potential exploit attempts.




CVE Reference

CVE-2012-1858, CVE-2012-1859, CVE-2012-1860, CVE-2012-1861, CVE-2012-1862, CVE-2012-1863



Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms12-050


