Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary
Title: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)
Information
Name: MS11-074
First vendor Publication: 2011-09-13
Vendor: Microsoft
Last vendor Modification: 2011-10-11
Severity (Vendor): Important
Revision: 1.3

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Base Score: 4.3
Attack Range: Network
CVSS Impact Score: 2.9
Attack Complexity: Medium
CVSS Exploit Score: 8.6
Authentication: None Required

Detail

Severity Rating: Important

Revision Note: V1.3 (October 11, 2011): Announced changes to detection logic for some affected configurations. There were no changes to the security update files. See the Update FAQ for details.

Summary: This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicked on a specially crafted URL or visited a specially crafted Web site. For the most severe vulnerabilities, Internet Explorer 8 and Internet Explorer 9 users browsing to a SharePoint site in the Internet Zone are at a reduced risk because, by default, the XSS Filter in Internet Explorer 8 and Internet Explorer 9 helps to block the attacks in the Internet Zone. The XSS Filter in Internet Explorer 8 and Internet Explorer 9, however, is not enabled by default in the Intranet Zone.

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/ms11-074

CWE : Common Weakness Enumeration

id | Name
CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
CWE-200 | Information Exposure

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:12835
Title: XSS in SharePoint Calendar Vulnerability
Description: Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0653
Version: 3
Platform(s): Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2
Product(s): Microsoft SharePoint Server 2010, Microsoft SharePoint Foundation 2010

Oval ID: oval:org.mitre.oval:def:12885
Title: HTML Sanitization Vulnerability
Description: Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1252
Version: 5
Platform(s): Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2
Product(s): Microsoft SharePoint Server 2007, Microsoft SharePoint Server 2010, Microsoft Groove Server 2010, Microsoft Windows SharePoint Services 3.0, Microsoft SharePoint Foundation 2010

Oval ID: oval:org.mitre.oval:def:12577
Title: toStaticHTML Information Disclosure Vulnerability
Description: Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1252
Version: 10
Platform(s): Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows 7
Product(s): Microsoft Internet Explorer 7, Microsoft Internet Explorer 8

Oval ID: oval:org.mitre.oval:def:12788
Title: Editform Script Injection Vulnerability
Description: Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1890
Version: 3
Platform(s): Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2
Product(s): Microsoft SharePoint Server 2010, Microsoft SharePoint Foundation 2010

Oval ID: oval:org.mitre.oval:def:12864
Title: Contact Details Reflected XSS Vulnerability
Description: Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1891
Version: 5
Platform(s): Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2
Product(s): Microsoft Windows SharePoint Services 3.0, Microsoft SharePoint Foundation 2010

Oval ID: oval:org.mitre.oval:def:12907
Title: SharePoint Remote File Disclosure Vulnerability
Description: Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1892
Version: 5
Platform(s): Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2
Product(s): Microsoft Office Groove 2007, Microsoft SharePoint Workspace 2010, Microsoft Office Forms Server 2007, Microsoft SharePoint Server 2007, Microsoft SharePoint Server 2010, Microsoft Office Groove Server 2007 Data Bridge, Microsoft Office Groove Management Server 2007, Microsoft Groove Server 2010, Microsoft Windows SharePoint Services 3.0, Microsoft SharePoint Foundation 2010, Microsoft Office Web Apps 2010, Microsoft Word Web App 2010

Oval ID: oval:org.mitre.oval:def:12676
Title: SharePoint XSS Vulnerability
Description: Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1893
Version: 9
Platform(s): Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2
Product(s): Microsoft SharePoint Server 2010, Microsoft Windows SharePoint Services 2.0, Microsoft Windows SharePoint Services 3.0, Microsoft SharePoint Foundation 2010

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 2
Application | | 1
Application | | 1
Application | | 1
Application | | 2
Application | | 2
Application | | 2
Application | | 2
Application | | 4
Application | | 3
Application | | 4

ExploitDB Exploits

id | Description
2011-09-20 | File disclosure via XEE in SharePoint 2007/2010 and DotNetNuke < 6

OpenVAS Exploits

Date | Description
2011-09-14 | Name : Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)
  File : nvt/secpod_ms11-074.nasl
2011-06-15 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (2530548)
  File : nvt/secpod_ms11-050.nasl

Open Source Vulnerability Database (OSVDB)

id | Description
75393 | Microsoft SharePoint Unspecified URI XSS
75392 | Microsoft SharePoint XML File Arbitrary File Disclosure
75391 | Microsoft SharePoint Contact Details XSS
75390 | Microsoft SharePoint EditForm.aspx XSS
75389 | Microsoft SharePoint SharePoint Calendar URI XSS
75381 | Microsoft SharePoint XML / XSL File Handling Unspecified Arbitrary File Discl...
72944 | Microsoft IE SafeHTML Function XSS

Information Assurance Vulnerability Management (IAVM)

Date | Description
2011-09-15 | IAVM : 2011-B-0115 - Multiple Vulnerabilities in Microsoft Office SharePoint
  Severity : Category II - VMSKEY : V0030239

Snort® IPS/IDS

Date | Description
2014-01-10 | Microsoft Internet Explorer toStaticHTML XSS attempt
  RuleID : 21569 - Revision : 5 - Type : BROWSER-IE
2014-01-10 | Microsoft SharePoint XSS
  RuleID : 20117 - Revision : 7 - Type : SERVER-WEBAPP
2014-01-10 | Microsoft Office SharePoint Javascript XSS attempt
  RuleID : 20116 - Revision : 10 - Type : SERVER-WEBAPP
2014-01-10 | Microsoft Office SharePoint XML external entity exploit attempt
  RuleID : 20115 - Revision : 9 - Type : SERVER-WEBAPP
2014-01-10 | Microsoft SharePoint hiddenSpanData cross site scripting attempt
  RuleID : 20114 - Revision : 7 - Type : SERVER-WEBAPP
2014-01-10 | Microsoft Office SharePoint XSS vulnerability attempt
  RuleID : 20113 - Revision : 9 - Type : SERVER-WEBAPP
2014-01-10 | Microsoft Office SharePoint XSS vulnerability attempt
  RuleID : 20112 - Revision : 8 - Type : SERVER-WEBAPP
2014-01-10 | Microsoft Office SharePoint XSS vulnerability attempt
  RuleID : 20111 - Revision : 8 - Type : SERVER-WEBAPP
2014-01-10 | Microsoft Internet Explorer 8 toStaticHTML XSS attempt
  RuleID : 19239 - Revision : 6 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

Date | Description
2011-09-14 | Name : The remote host is affected by multiple privilege escalation and information ...
  File : smb_nt_ms11-074.nasl - Type : ACT_GATHER_INFO
2011-06-15 | Name : Arbitrary code can be executed on the remote host through a web browser.
  File : smb_nt_ms11-050.nasl - Type : ACT_GATHER_INFO

Alert History

Date | Information
2014-02-17 11:47:06 | Multiple Updates
2014-01-19 21:30:44 | Multiple Updates
2013-11-11 12:41:25 | Multiple Updates
2013-05-11 00:49:53 | Multiple Updates