Title

Multiple Vulnerabilities in Microsoft Office SharePoint (Cat II impact)

Discussion

Microsoft has addressed multiple vulnerabilities affecting Microsoft Office SharePoint. Microsoft SharePoint is an integrated server application providing content management and search capabilities To exploit these vulnerabilities, an attacker would create and send a malicious request to an affected SharePoint server or site. If successfully exploited, these vulnerabilities would allow an attacker to perform cross-site scripting attacks against an affected systems resulting in elevation of privileges, sensitive information disclosure or denial of service condition. At this time, there are no known exploits associated with these vulnerabilities; USCYBERCOM is not aware of any DoD related incidents. Help.aspx XSS Vulnerability - (CVE-2010-0817): A cross-site scripting and spoofing vulnerability exists in Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007 that could allow an attacker to convince a user to run a malicious script. An attacker who successfully exploited the vulnerability could modify Web browser caches and intermediate proxy server caches. Additionally, an attacker could put spoofed content into those caches. An attacker may also be able to exploit the vulnerability to perform cross-site scripting attacks. toStatic HTML Vulnerability - (CVE-2010-1257): An information disclosure vulnerability exists in the way that the SharePoint toStaticHTML API sanitizes HTML, that could allow an attacker to perform cross-site scripting attacks and run script in the security context of the logged-on user. SharePoint Help Page Denial of Service Vulnerability - (CVE-2010-1264): A denial of service vulnerability exists in the way that Microsoft SharePoint handles specially crafted requests to the help page. An attacker could exploit the vulnerability by sending specially crafted packets to the targeted SharePoint server which could cause the Web server to become non-responsive until the associated application pool is restarted.

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS10-039 (2028554). Vulnerable Applications/Systems: Microsoft Office Software Microsoft Office InfoPath 2003 SP 3 (KB980923) Microsoft Office InfoPath 2007 SP 1 and SP 2 (KB979441) Microsoft Office SharePoint Server 2007 SP 1 and SP2 (x86 and x64)[1] (KB979445) Windows SharePoint Services Microsoft Windows SharePoint Services 3.0 SP 1 and SP 2 (x86 and x64) (KB983444) [1]For supported editions of Microsoft Office SharePoint Server 2007, in addition to security update package KB979445, customers also need to install the security update for Microsoft Windows SharePoint Services 3.0 (KB982331) to be protected from the vulnerabilities described in this bulletin. Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems\Applications not listed below. Infopath.exe InfoPath 2003 11.0.8233.0 InfoPath 2007 12.0.6529.5000 Sharepointpub.dll SharePoint Server 2007 (x86) 12.0.6524.5001 Stsom.dll SharePoint Server 2007 (x64) 12.0.6524.5003 SharePoint Services 3.0 12.0.6535.5003

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-24377

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.