This CPE summary could be partial or incomplete. Please contact us for a detailed listing.


Vendor Microsoft First view 2010-06-08
Product Office Infopath Last view 2010-06-08
Version 2007 Type Application
Update sp1  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
CPE Product cpe:2.3:a:microsoft:office_infopath

Activity : Overall

Related : CVE

  Date Alert Description
4.3 2010-06-08 CVE-2010-1257

Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.

CWE : Common Weakness Enumeration

100% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Open Source Vulnerability Database (OSVDB)

id Description
65211 Microsoft IE / Sharepoint toStaticHTML Information Disclosure

OpenVAS Exploits

id Description
2010-06-09 Name : Microsoft Internet Explorer Multiple Vulnerabilities (982381)
File : nvt/secpod_ms10-035.nasl
2010-06-09 Name : Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554)
File : nvt/secpod_ms10-039.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2010-A-0079 Multiple Vulnerabilities in Microsoft Office SharePoint
Severity: Category II - VMSKEY: V0024377

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Internet Explorer 8 cross-site scripting attempt
RuleID : 16658 - Type : BROWSER-IE - Revision : 7

Nessus® Vulnerability Scanner

id Description
2010-06-09 Name: Arbitrary code can be executed on the remote host through a web browser.
File: smb_nt_ms10-035.nasl - Type: ACT_GATHER_INFO
2010-06-09 Name: The remote host has multiple vulnerabilities.
File: smb_nt_ms10-039.nasl - Type: ACT_GATHER_INFO