

Vulnerability protection

Microsoft Office vulnerability could allow escalation of privilege


Report ID: MS201304008
Date Published: 10 April 2013

Criticality: Important
Compromise Type: privilege-escalation
Compromise From: remote


Affected Product/Component:

Microsoft InfoPath 2010
Microsoft SharePoint Server 2010
Microsoft SharePoint Foundation 2010
Microsoft Groove Server 2010
Microsoft Office Web Apps 2010




Summary

A vulnerability involving HTML string sanitization in Microsoft Office and Microsoft Server software could be exploited by an attacker to gain escalated privileges on an affected system.



Detailed Description

Microsoft has released a security update to address a vulnerability found in several Microsoft Office and Microsoft Server products, caused by an error in the way that HTML strings are sanitized. An attacker who successfully exploits the vulnerability could perform cross-site scripting attacks and run script in the context of the current user.

The update resolves the vulnerability by modifying the way that HTML strings are sanitized. Users are advised to install the update as a protective measure against possible exploit attempts.



CVE Reference

CVE-2013-1289



Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms13-035


