6.8 - MS12-050

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	Vulnerabilities in SharePoint Could Allow Elevation of Privilege

Informations
Name	MS12-050	First vendor Publication	2012-07-10
Vendor	Microsoft	Last vendor Modification	2014-01-15
Severity (Vendor)	Version	Revision	2.2

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	6.8	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Important
Revision Note: V2.2 (January 15, 2014): Bulletin revised to announce a detection change in update 2596911. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes the user to a targeted SharePoint site.

Original Source

Url : https://technet.microsoft.com/en-us/library/security/MS12-050

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
17 %	CWE-264	Permissions, Privileges, and Access Controls
17 %	CWE-200	Information Exposure
17 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15265

Oval ID:	oval:org.mitre.oval:def:15265
Title:	SharePoint Search Scope Vulnerability - MS12-050
Description:	Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-1860	Version:	4
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP	Product(s):	Microsoft SharePoint Server 2007 Microsoft SharePoint Server 2010
Definition Synopsis:
sharepoint server 2007 Check if the version of Microsoft.sharepoint.publishing.dll is less than 12.0.6660.5000 AND sharepoint server 2007 sp2/sp3 Microsoft Office SharePoint Server 2007 SP2 is installed AND Microsoft Office SharePoint Server 2007 SP3 is installed OR sharepoint server 2010 Check if the version of Microsoft.office.server.native.dll is less than 14.0.6108.5000 AND sharepoint server 2010/sp1 Microsoft SharePoint Server 2010 Service Pack 1 is installed AND Microsoft Office SharePoint Server 2010 is installed.

Definition Id: oval:org.mitre.oval:def:15530

Oval ID:	oval:org.mitre.oval:def:15530
Title:	HTML Sanitization Vulnerability - MS12-050
Description:	The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-1858	Version:	13
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP	Product(s):	Microsoft Communicator 2007 R2 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Lync 2010 Microsoft Lync 2010 Attendee Microsoft Groove Server 2010 Microsoft InfoPath 2007 Microsoft InfoPath 2010 Microsoft SharePoint Foundation 2010 Microsoft SharePoint Server 2007 Microsoft SharePoint Server 2010 Microsoft SharePoint Services 3.0
Definition Synopsis:
IE8 and XP/2K3 Microsoft Internet Explorer 8 is installed AND Win Vista / 2K8 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows XP x64 is installed AND Check for LDR/GDR Check if the version of mshtml.dll is less than 8.0.6001.19258 OR Check for LDR Check for mshtml.dll version greater than or equal to 8.0.6001.23000 AND Check if the version of mshtml.dll is less than 8.0.6001.23345 OR IE8 and vista/2k8 Microsoft Internet Explorer 8 is installed AND Vista/2K8 Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Check for LDR/GDR Check if the version of mshtml.dll is less than 8.0.6001.19272 OR Check for LDR Check for mshtml.dll version greater than or equal to 8.0.6001.23000 AND Check if the version of mshtml.dll is less than 8.0.6001.23359 OR IE9 and Vista/2K8/Win7/2008 R2 Vista/2K8/Win7/R2 Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Check for LDR/GDR Check if the version of mshtml.dll is less than 9.0.8112.16446 OR Check for LDR Check for mshtml.dll version greater than or equal to 9.0.8112.20000 AND Check if the version of mshtml.dll is less than 9.0.8112.20551 AND Microsoft Internet Explorer 9 is installed OR IE 8 and Win7 / Win 2k8 R2 Microsoft Internet Explorer 8 is installed AND Win 7 / 2K8 R2 IE8 and Win 7/2K8 R2 Win 7 / Win 2K8 R2 Microsoft Windows 7 is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Check for LDR/GDR Check if the version of mshtml.dll is less than 8.0.7600.17006 OR Check for LDR Mshtml.dll version is greater than or equal 8.0.7600.20000 AND Check if the version of mshtml.dll is less than 8.0.7600.21198 OR Win 7 / 2K8 R2 and IE8 Win 7 / Win 2K8 R2 Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Check for LDR/GDR Check if the version of mshtml.dll is less than 8.0.7601.17824 OR Check for LDR Mshtml.dll version is greater than or equal to 8.0.7601.21000 AND Check if the version of mshtml.dll is less than 8.0.7601.21976 OR Check for vulnerable communicator 2007 r2 Microsoft Communicator 2007 R2 is installed AND Check if version of Communicator.exe (Communicator 2007 R2) is less than 3.5.6907.253 OR Check for vulnerable lync 2010 Microsoft Lync 2010 is installed AND Check if version of Communicator.exe (Lync 2010) is less than 4.0.7577.4098 OR Check for vulnerable lync 2010 attendee (admin) Microsoft Lync 2010 Attendee (user level install) is installed AND Check if version of ogl.dll (Lync 2010 Attendee for admin) is less than 4.0.7577.4098 OR Check for vulnerable lync 2010 attendee (user) Microsoft Lync 2010 Attendee (admin level install) is installed AND Check if version of ogl.dll (Lync 2010 Attendee for user) is less than 4.0.7577.4098 OR infopath 2007/2010 infopath 2010/2007 sp2/sp3 Microsoft InfoPath 2007 Service Pack 2 is installed AND Microsoft InfoPath 2007 Service Pack 3 is installed AND infopath.exe or ipeditor.dll Check if the version of infopath.exe is less than 12.0.6661.5000 AND Check if the version of Ipeditor.dll is less than 12.0.6661.5000 OR sharepoint server 2007 sp2/sp3 sp2/sp3 Microsoft Office SharePoint Server 2007 SP2 is installed AND Microsoft Office SharePoint Server 2007 SP3 is installed AND Check if the version of Microsoft.sharepoint.publishing.dll is less than 12.0.6660.5000 OR sharepoint foundation 2010 sharepoint foundation 2010/sp1 Microsoft SharePoint Foundation 2010 Service Pack 1 is installed AND Microsoft Office SharePoint Server 2010 is installed. AND Check if the version of Onfda.dll is less than 14.0.6106.5000 OR groove server 2010 groove server/sp1 Microsoft Groove Server 2010 Service Pack 1 is installed AND Microsoft Groove Server 2010 is installed AND Check if the version of svrsetup.dll is less than 14.0.6120.5000 OR sharepoint server 2010 sharepoint server 2010/sp1 Microsoft SharePoint Server 2010 Service Pack 1 is installed AND Microsoft Office SharePoint Server 2010 is installed. AND Check if the version of Microsoft.office.server.native.dll is less than 14.0.6108.5000 OR infopath 2010 Microsoft InfoPath 2010 is installed AND infopath.exe or ipeditor.dll Check if the version of infopath.exe is less than 14.0.6120.5000 AND Check if the version of Ipeditor.dll is less than 14.0.6120.5000 OR sharepoint services 3.0 Check if the version of Onetutil.dll is less than 12.0.6661.5000 AND Microsoft Windows SharePoint Services 3.0 SP2 is installed

Definition Id: oval:org.mitre.oval:def:15544

Oval ID:	oval:org.mitre.oval:def:15544
Title:	SharePoint Script in Username Vulnerability - MS12-050
Description:	Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-1861	Version:	6
Platform(s):	Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2	Product(s):	Microsoft SharePoint Foundation 2010 Microsoft SharePoint Server 2010
Definition Synopsis:
sharepoint server 2010 Check if the version of Microsoft.office.server.native.dll is less than 14.0.6108.5000 AND sharepoint server 2010/sp1 Microsoft SharePoint Server 2010 Service Pack 1 is installed AND Microsoft Office SharePoint Server 2010 is installed. OR sharepoint foundation 2010 Check if the version of Onfda.dll is less than 14.0.6106.5000 AND sharepoint foundation 2010/sp1 Microsoft SharePoint Foundation 2010 Service Pack 1 is installed AND Microsoft SharePoint Foundation 2010 is installed

Definition Id: oval:org.mitre.oval:def:15589

Oval ID:	oval:org.mitre.oval:def:15589
Title:	XSS scriptresx.ashx Vulnerability - MS12-050
Description:	Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-1859	Version:	5
Platform(s):	Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2	Product(s):	Microsoft SharePoint Foundation 2010 Microsoft SharePoint Server 2010
Definition Synopsis:
sharepoint server 2010 Check if the version of Microsoft.office.server.native.dll is less than 14.0.6108.5000 AND shrepoint server 2010/sp1 Microsoft Office SharePoint Server 2010 is installed. AND Microsoft SharePoint Server 2010 Service Pack 1 is installed OR sharepoint foundation 2010 Check if the version of Onfda.dll is less than 14.0.6106.5000 AND sharepoint foundation 2010/sp1 Microsoft SharePoint Foundation 2010 is installed AND Microsoft SharePoint Foundation 2010 Service Pack 1 is installed

Definition Id: oval:org.mitre.oval:def:15657

Oval ID:	oval:org.mitre.oval:def:15657
Title:	SharePoint URL Redirection Vulnerability - MS12-050
Description:	Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-1862	Version:	3
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP	Product(s):	Microsoft SharePoint Server 2007
Definition Synopsis:
Check if the version of Microsoft.sharepoint.publishing.dll is less than 12.0.6660.5000 AND sharepoint server 2007 sp2/sp3 Microsoft Office SharePoint Server 2007 SP2 is installed AND Microsoft Office SharePoint Server 2007 SP3 is installed

Definition Id: oval:org.mitre.oval:def:15689

Oval ID:	oval:org.mitre.oval:def:15689
Title:	SharePoint Reflected List Parameter Vulnerability - MS12-050
Description:	Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-1863	Version:	8
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP	Product(s):	Microsoft SharePoint Foundation 2010 Microsoft SharePoint Server 2007 Microsoft SharePoint Services 3.0 Microsoft SharePoint Services 2.0
Definition Synopsis:
sharepoint services 3.0 sp2 Check if the version of Onetutil.dll is less than 12.0.6661.5000 AND Microsoft Windows SharePoint Services 3.0 SP2 is installed OR sharepoint foundation Check if the version of Onfda.dll is less than 14.0.6106.5000 AND sharepoint foundation 2010/sp1 Microsoft SharePoint Foundation 2010 Service Pack 1 is installed AND Microsoft SharePoint Foundation 2010 is installed OR sharepoint server 2007 Check if the version of Microsoft.sharepoint.publishing.dll is less than 12.0.6660.5000 AND sharepoint server 2007 sp2/sp3 Microsoft Office SharePoint Server 2007 SP2 is installed AND Microsoft Office SharePoint Server 2007 SP3 is installed OR sharepoint services 2.0/version Microsoft Windows SharePoint Services 2.0 is installed AND Check if the version of onetutil.dll is less than 11.0.8346.0

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Lync cpe:2.3:a:microsoft:lync:2010::attendee::::: cpe:2.3:a:microsoft:lync:2010::x64::::: cpe:2.3:a:microsoft:lync:2010::x86:::::	3
Application	Microsoft Office Communicator cpe:2.3:a:microsoft:office_communicator:2007:r2::::::	1
Application	Microsoft Office Sharepoint Server cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:::::* cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:::::* cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp3:x64:::::* cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp3:x32:::::*	4
Application	Microsoft Office Web Apps cpe:2.3:a:microsoft:office_web_apps:2010:::::::* cpe:2.3:a:microsoft:office_web_apps:2010:sp1::::::	2
Application	Microsoft Sharepoint Foundation cpe:2.3:a:microsoft:sharepoint_foundation:2010:::::::* cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1::::::	2
Application	Microsoft Sharepoint Server cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:::::: cpe:2.3:a:microsoft:sharepoint_server:2010:::::::* cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:::::: cpe:2.3:a:microsoft:sharepoint_server:2007:sp1:::::: cpe:2.3:a:microsoft:sharepoint_server:2007:sp2::::::	5
Application	Microsoft Sharepoint Services cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x32:::::* cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x64:::::*	2

ExploitDB Exploits

id	Description
2012-07-12	IE9, SharePoint, Lync toStaticHTML HTML Sanitizing Bypass

OpenVAS Exploits

Date	Description
2012-07-11	Name : Microsoft SharePoint Multiple Privilege Elevation Vulnerabilities (2695502) File : nvt/secpod_ms12-050.nasl
2012-06-13	Name : Microsoft Internet Explorer Multiple Vulnerabilities (2699988) File : nvt/secpod_ms12-037.nasl
2012-06-13	Name : Microsoft Lync Remote Code Execution Vulnerabilities (2707956) File : nvt/secpod_ms12-039.nasl

Snort® IPS/IDS

Date	Description
2014-01-10	Microsoft Office SharePoint name field cross site scripting attempt RuleID : 24198 - Revision : 6 - Type : SERVER-WEBAPP
2014-01-10	Microsoft Office SharePoint query.iqy XSS attempt RuleID : 23282 - Revision : 7 - Type : SERVER-WEBAPP
2014-01-10	Microsoft Office SharePoint scriptresx.ashx XSS attempt RuleID : 23281 - Revision : 6 - Type : SERVER-WEBAPP
2014-01-10	Microsoft Office SharePoint name field cross site scripting attempt RuleID : 23279 - Revision : 10 - Type : SERVER-WEBAPP
2014-01-10	Microsoft multiple product toStaticHTML XSS attempt RuleID : 23137 - Revision : 11 - Type : BROWSER-IE
2014-01-10	Microsoft multiple product toStaticHTML XSS attempt RuleID : 23136 - Revision : 11 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

Date	Description
2012-07-11	Name : The remote host is affected by multiple privilege escalation and information ... File : smb_nt_ms12-050.nasl - Type : ACT_GATHER_INFO
2012-06-13	Name : The remote host is affected by code execution vulnerabilities. File : smb_nt_ms12-037.nasl - Type : ACT_GATHER_INFO
2012-06-13	Name : Arbitrary code can be executed on the remote host through Microsoft Lync. File : smb_nt_ms12-039.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-05-06 11:35:06	Multiple Updates
2014-05-06 11:31:55	Multiple Updates
2014-04-19 00:26:05	Multiple Updates
2014-04-19 00:17:32	Multiple Updates
2014-04-18 21:28:35	Multiple Updates
2014-04-18 21:18:52	Multiple Updates
2014-04-18 17:26:20	Multiple Updates
2014-04-18 17:17:50	Multiple Updates
2014-04-18 13:29:51	Multiple Updates
2014-04-18 13:18:46	Multiple Updates
2014-04-18 09:27:06	Multiple Updates
2014-04-18 09:18:02	Multiple Updates
2014-04-18 05:27:59	Multiple Updates
2014-04-18 05:19:11	Multiple Updates
2014-04-18 00:26:18	Multiple Updates
2014-04-18 00:17:34	Multiple Updates
2014-04-17 21:25:56	Multiple Updates
2014-04-17 21:18:38	Multiple Updates
2014-04-17 17:26:35	Multiple Updates
2014-04-17 17:17:45	Multiple Updates
2014-04-17 13:29:28	Multiple Updates
2014-04-17 13:18:53	Multiple Updates
2014-04-17 09:20:59	Multiple Updates
2014-04-17 09:10:24	Multiple Updates
2014-04-17 09:07:45	Multiple Updates
2014-02-17 11:47:23	Multiple Updates
2014-01-19 21:30:51	Multiple Updates
2014-01-16 00:16:12	Multiple Updates
2012-12-13 05:19:48	Multiple Updates
2012-12-13 05:15:50	Multiple Updates
2012-12-11 21:21:38	Multiple Updates
2012-12-11 21:18:10	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	6
Oval ID(s)	6
CPE ID(s)	19
ExploitDB Exploit(s)	1
Openvas Exploit(s)	3
Snort® Rule(s)	6
Nessus® Exploit(s)	3

	Related
10	MS13-067
10	MS12-078
10	MS12-075
10	MS12-054
9.3	MS12-082
9.3	MS12-081
9.3	MS12-079
9.3	MS12-077
9.3	MS12-076
9.3	MS12-074
9.3	MS12-072
9.3	MS12-071
9.3	MS12-065
9.3	MS12-064
9.3	MS12-063
9.3	MS12-060
9.3	MS12-059
9.3	MS12-057
9.3	MS12-056
9.3	MS12-053
9.3	MS12-052
9.3	MS12-048
9.3	MS12-045
9.3	MS12-044
9.3	MS12-043
9.3	MS12-039
9.3	MS12-038
9.3	MS12-037
9.3	MS12-036
9.3	MS12-035
9.3	MS12-034
9.3	MS12-031
9.3	MS12-030
9.3	MS12-029
9.3	MS12-028
9.3	MS12-027
9.3	MS12-025
9.3	MS12-024
9.3	MS12-023
9.3	MS12-022
9.3	MS12-020
9.3	MS12-016
9.3	MS12-015
9.3	MS12-014
9.3	MS12-013
9.3	MS12-012
9.3	MS12-010
9.3	MS12-008
9.3	MS12-005
9.3	MS12-004
9.3	MS12-002
9.3	MS12-001
8.3	MS12-042
7.2	MS12-068
7.2	MS12-055
7.2	MS12-047
7.2	MS12-041
7.2	MS12-033
7.2	MS12-032
7.2	MS12-018
7.2	MS12-009
6.9	MS12-051
6.9	MS12-046
6.9	MS12-021
6.9	MS12-003
6.8	CVE-2012-1862
5.8	MS12-083
5.8	MS12-026
5.5	CVE-2012-1860
5	MS12-073
5	MS12-069
5	MS12-017
4.3	MS12-070
4.3	MS12-066
4.3	MS12-062
4.3	MS12-061
4.3	MS12-049
4.3	MS12-040
4.3	MS12-019
4.3	MS12-011
4.3	MS12-007
4.3	MS12-006
4.3	MS11-074
4.3	CVE-2012-1863
4.3	CVE-2012-1861
4.3	CVE-2012-1859
4.3	CVE-2012-1858
3.5	MS12-080
2.1	MS12-067
2.1	MS12-058
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 90 more Alert(s)