MS12-011Executive Summary
| Summary | |
|---|---|
| Title | Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841) |
| Informations | |||
|---|---|---|---|
| Name | MS12-011 | First vendor Publication | 2012-02-14 |
| Vendor | Microsoft | Last vendor Modification | 2012-02-14 |
| Severity (Vendor) | Important | Revision | 1.0 |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 4.3 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentification | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
Revision Note: V1.0 (February 14, 2012): Bulletin published. Summary: This security update resolves three privately reported vulnerabilities in Microsoft SharePoint and Microsoft SharePoint Foundation. These vulnerabilities could allow elevation of privilege or information disclosure if a user clicked a specially crafted URL. |
Original Source
| Url : http://technet.microsoft.com/en-us/security/bulletin/ms12-011 |
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:14637 | |||
| Oval ID: | oval:org.mitre.oval:def:14637 | ||
| Title: | XSS in inplview.aspx Vulnerability | ||
| Description: | Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0017 |
Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 |
Product(s): | Microsoft SharePoint Foundation 2010 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:14386 | |||
| Oval ID: | oval:org.mitre.oval:def:14386 | ||
| Title: | XSS in themeweb.aspx Vulnerability | ||
| Description: | Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0144 |
Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 |
Product(s): | Microsoft SharePoint Server 2010 Microsoft SharePoint Foundation 2010 |
| Definition Synopsis: | |||
|
|||
| Definition Id: oval:org.mitre.oval:def:14826 | |||
| Oval ID: | oval:org.mitre.oval:def:14826 | ||
| Title: | XSS in wizardlist.aspx Vulnerability | ||
| Description: | Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0145 |
Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 |
Product(s): | Microsoft SharePoint Server 2010 Microsoft SharePoint Foundation 2010 |
| Definition Synopsis: | |||
|
|||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 | |
| Application | 2 |
(Medium)
