Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2010-04-29 |
| Product | Sharepoint Services | Last view | 2010-06-08 |
| Version | 3.0 | Type | Application |
| Update | sp1 | ||
| Edition | x64 | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:microsoft:sharepoint_services | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4 | 2010-06-08 | CVE-2010-1264 | Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeated restarts of the application pool, aka "Sharepoint Help Page Denial of Service Vulnerability." |
| 4.3 | 2010-06-08 | CVE-2010-1257 | Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization. |
| 4.3 | 2010-04-29 | CVE-2010-0817 | Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 65220 | Microsoft SharePoint Crafted Request Help Page Invocation Remote DoS |
| 65211 | Microsoft IE / Sharepoint toStaticHTML Information Disclosure |
| 64170 | Microsoft SharePoint Server _layouts/help.aspx cid0 Parameter XSS |
OpenVAS Exploits
| id | Description |
|---|---|
| 2011-09-14 | Name : Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vu... File : nvt/gb_sharepoint_39776.nasl |
| 2010-06-09 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (982381) File : nvt/secpod_ms10-035.nasl |
| 2010-06-09 | Name : Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554) File : nvt/secpod_ms10-039.nasl |
| 2010-05-04 | Name : Microsoft SharePoint '_layouts/help.aspx' Cross Site Scripting Vulnerability File : nvt/secpod_ms_sharepoint_layouts_xss_vuln.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2010-A-0079 | Multiple Vulnerabilities in Microsoft Office SharePoint Severity: Category II - VMSKEY: V0024377 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Office SharePoint Server 2007 help.aspx denial of service attempt RuleID : 16660 - Type : SERVER-WEBAPP - Revision : 16 |
| 2014-01-10 | Microsoft Internet Explorer 8 cross-site scripting attempt RuleID : 16658 - Type : BROWSER-IE - Revision : 7 |
| 2014-01-10 | Microsoft Office SharePoint XSS attempt RuleID : 16560 - Type : SERVER-WEBAPP - Revision : 17 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2010-07-01 | Name: An application running on the remote web server has a denial of service vulne... File: sharepoint_help_dos.nasl - Type: ACT_DENIAL |
| 2010-07-01 | Name: An application running on the remote web server has a cross-site scripting vu... File: sharepoint_help_xss.nasl - Type: ACT_ATTACK |
| 2010-06-09 | Name: Arbitrary code can be executed on the remote host through a web browser. File: smb_nt_ms10-035.nasl - Type: ACT_GATHER_INFO |
| 2010-06-09 | Name: The remote host has multiple vulnerabilities. File: smb_nt_ms10-039.nasl - Type: ACT_GATHER_INFO |
