Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841) |
Informations | |||
---|---|---|---|
Name | MS12-011 | First vendor Publication | 2012-02-14 |
Vendor | Microsoft | Last vendor Modification | 2012-02-14 |
Severity (Vendor) | Important | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.0 (February 14, 2012): Bulletin published. |
Original Source
Url : http://technet.microsoft.com/en-us/security/bulletin/ms12-011 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14386 | |||
Oval ID: | oval:org.mitre.oval:def:14386 | ||
Title: | XSS in themeweb.aspx Vulnerability | ||
Description: | Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0144 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft SharePoint Server 2010 Microsoft SharePoint Foundation 2010 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14637 | |||
Oval ID: | oval:org.mitre.oval:def:14637 | ||
Title: | XSS in inplview.aspx Vulnerability | ||
Description: | Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0017 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft SharePoint Foundation 2010 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14826 | |||
Oval ID: | oval:org.mitre.oval:def:14826 | ||
Title: | XSS in wizardlist.aspx Vulnerability | ||
Description: | Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0145 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft SharePoint Server 2010 Microsoft SharePoint Foundation 2010 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2012-06-28 | Name : Microsoft SharePoint Privilege Elevation Vulnerabilities (2663841) File : nvt/secpod_ms12-011.nasl |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-02-16 | IAVM : 2012-B-0017 - Multiple Elevation of Privilege Vulnerabilities in Microsoft SharePoint Severity : Category II - VMSKEY : V0031349 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft SharePoint chart webpart XSS attempt RuleID : 21298 - Revision : 5 - Type : SERVER-WEBAPP |
2014-01-10 | Microsoft Office SharePoint themeweb.aspx XSS attempt RuleID : 21297 - Revision : 6 - Type : SERVER-WEBAPP |
2014-01-10 | Microsoft generic javascript handler in URI XSS attempt RuleID : 20258 - Revision : 12 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-02-14 | Name : The remote host is affected by multiple privilege escalation and information ... File : smb_nt_ms12-011.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:47:15 |
|
2014-01-19 21:30:47 |
|
2013-11-11 12:41:27 |
|