Microsoft Office vulnerability could allow escalation of privilege
Report ID: MS201304008
Date Published: 10 April 2013
Compromise Type: privilege-escalation
Compromise From: remote
Microsoft InfoPath 2010
Microsoft SharePoint Server 2010
Microsoft SharePoint Foundation 2010
Microsoft Groove Server 2010
Microsoft Office Web Apps 2010
A vulnerability involving HTML string sanitization in Microsoft Office and Microsoft Server software could be exploited by an attacker to gain escalated privileges on an affected system.
Microsoft has released a security update to address a vulnerability found in several Microsoft Office and Microsoft Server software, caused by an error in the way that HTML string are sanitized. If successfully exploited, an attacker could be able to perform cross site scripting attacks and run script in the context of the current user.
This vulnerability issue has been resolved through the update which introduces a modification in the way that HTML strings are sanitized. Users are recommended to install the update as a protection measure against possible exploit attempts.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-035)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.