Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2010-09-17 |
| Product | Groove Server | Last view | 2013-04-09 |
| Version | 2007 | Type | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.3 | 2013-04-09 | CVE-2013-1289 | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability." |
| 9.3 | 2013-01-09 | CVE-2013-0007 | Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability." |
| 9.3 | 2013-01-09 | CVE-2013-0006 | Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability." |
| 4.3 | 2012-10-09 | CVE-2012-2520 | Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability." |
| 4 | 2011-09-15 | CVE-2011-1892 | Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability." |
| 4.3 | 2010-09-17 | CVE-2010-3324 | The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (3) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 16% (1) | CWE-200 | Information Exposure |
| 16% (1) | CWE-189 | Numeric Errors |
| 16% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:7297 | HTML Sanitization Vulnerability (CVE-2010-3324) |
| oval:org.mitre.oval:def:12907 | SharePoint Remote File Disclosure Vulnerability |
| oval:org.mitre.oval:def:14976 | Vulnerability in HTML Sanitization Component Could Allow Elevation of Privile... |
| oval:org.mitre.oval:def:16429 | MSXML Integer Truncation Vulnerability - MS13-002 |
| oval:org.mitre.oval:def:15458 | MSXML XSLT Vulnerability - MS13-002 |
| oval:org.mitre.oval:def:16599 | Vulnerability in HTML sanitization component could allow elevation of privile... |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 75392 | Microsoft SharePoint XML File Arbitrary File Disclosure |
| 75381 | Microsoft SharePoint XML / XSL File Handling Unspecified Arbitrary File Discl... |
| 68123 | Microsoft IE / SharePoint toStaticHTML Function Crafted CSS @import Rule XSS ... |
ExploitDB Exploits
| id | Description |
|---|---|
| 17873 | File disclosure via XEE in SharePoint 2007/2010 and DotNetNuke < 6 |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-10-10 | Name : Microsoft Products HTML Sanitisation Component XSS Vulnerability (2741517) File : nvt/secpod_ms12-066.nasl |
| 2011-09-22 | Name : Microsoft SharePoint SafeHTML Information Disclosure Vulnerabilities (2412048) File : nvt/secpod_ms10-072.nasl |
| 2011-09-14 | Name : Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858) File : nvt/secpod_ms11-074.nasl |
| 2010-10-13 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (2360131) File : nvt/secpod_ms10-071.nasl |
| 2010-09-23 | Name : Microsoft Internet Explorer 'toStaticHTML()' Cross Site Scripting Vulnerability File : nvt/secpod_ms_ie_static_html_xss_vuln.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2013-A-0083 | Microsoft Office HTML Sanitization Privilege Escalation Vulnerability Severity: Category II - VMSKEY: V0037613 |
| 2013-A-0004 | Multiple Vulnerabilities in Microsoft XML Core Services Severity: Category I - VMSKEY: V0036444 |
| 2011-B-0115 | Multiple Vulnerabilities in Microsoft Office SharePoint Severity: Category II - VMSKEY: V0030239 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2018-02-22 | toStaticHTML CSS import XSS exploit attempt RuleID : 45514 - Type : BROWSER-IE - Revision : 1 |
| 2014-01-10 | overly large XML file MSXML heap overflow attempt RuleID : 28286 - Type : FILE-OTHER - Revision : 3 |
| 2014-01-10 | Microsoft Internet Explorer expression clause in style tag cross site scripti... RuleID : 26354 - Type : BROWSER-IE - Revision : 6 |
| 2014-01-10 | MSXML dynamic pointer casting arbitrary code execution attempt RuleID : 25275 - Type : FILE-OTHER - Revision : 2 |
| 2014-01-10 | overly large XML file MSXML heap overflow attempt RuleID : 25270 - Type : FILE-OTHER - Revision : 6 |
| 2014-01-10 | Microsoft multiple product toStaticHTML XSS attempt RuleID : 23137 - Type : BROWSER-IE - Revision : 11 |
| 2014-01-10 | Microsoft multiple product toStaticHTML XSS attempt RuleID : 23136 - Type : BROWSER-IE - Revision : 11 |
| 2014-01-10 | Microsoft Office SharePoint XML external entity exploit attempt RuleID : 20115 - Type : SERVER-WEBAPP - Revision : 10 |
| 2014-01-10 | Microsoft Internet Explorer 8 tostaticHTML CSS import vulnerability RuleID : 17767 - Type : BROWSER-IE - Revision : 15 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2013-04-10 | Name: The remote host is affected by a cross-site scripting vulnerability. File: smb_nt_ms13-035.nasl - Type: ACT_GATHER_INFO |
| 2013-01-09 | Name: Arbitrary code can be executed on the remote host through Microsoft XML Core ... File: smb_nt_ms13-002.nasl - Type: ACT_GATHER_INFO |
| 2012-10-10 | Name: The remote host is affected by a privilege escalation vulnerability. File: smb_nt_ms12-066.nasl - Type: ACT_GATHER_INFO |
| 2011-09-14 | Name: The remote host is affected by multiple privilege escalation and information ... File: smb_nt_ms11-074.nasl - Type: ACT_GATHER_INFO |
| 2010-10-18 | Name: The remote host is affected by multiple cross-site scripting vulnerabilities. File: safehtml_ms10_072.nasl - Type: ACT_GATHER_INFO |
| 2010-10-13 | Name: Arbitrary code can be executed on the remote host through a web browser. File: smb_nt_ms10-071.nasl - Type: ACT_GATHER_INFO |
| 2010-10-13 | Name: The remote host is affected by multiple cross-site scripting vulnerabilities. File: smb_nt_ms10-072.nasl - Type: ACT_GATHER_INFO |
