Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameCVE-2010-1257First vendor Publication2010-06-08
VendorCveLast vendor Modification2018-10-12

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1257

CWE : Common Weakness Enumeration

%idName
100 %CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6677
 
Oval ID: oval:org.mitre.oval:def:6677
Title: toStaticHTML Information Disclosure Vulnerability
Description: Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1257
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 8
Microsoft Office InfoPath 2003
Microsoft Office InfoPath 2007
Microsoft Office SharePoint Server 2007
Microsoft Windows SharePoint Services 3.0
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Application3
Application4
Application4
Os2
Os2
Os6
Os6
Os3

OpenVAS Exploits

DateDescription
2011-09-14Name : Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vu...
File : nvt/gb_sharepoint_39776.nasl
2010-06-09Name : Microsoft Windows Kernel Mode Drivers Privilege Escalation Vulnerabilities (9...
File : nvt/secpod_ms10-032.nasl
2010-06-09Name : Microsoft Internet Explorer Multiple Vulnerabilities (982381)
File : nvt/secpod_ms10-035.nasl
2010-06-09Name : Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554)
File : nvt/secpod_ms10-039.nasl
2010-05-04Name : Microsoft SharePoint '_layouts/help.aspx' Cross Site Scripting Vulnerability
File : nvt/secpod_ms_sharepoint_layouts_xss_vuln.nasl
2010-02-08Name : Microsoft Internet Explorer Information Disclosure Vulnerability (980088)
File : nvt/gb_ms_ie_npl_info_disc_vuln.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
65211Microsoft IE / Sharepoint toStaticHTML Information Disclosure

Information Assurance Vulnerability Management (IAVM)

DateDescription
2010-06-10IAVM : 2010-A-0079 - Multiple Vulnerabilities in Microsoft Office SharePoint
Severity : Category II - VMSKEY : V0024377

Snort® IPS/IDS

DateDescription
2014-12-16Microsoft Internet Explorer style sheet array memory corruption attempt
RuleID : 32532 - Revision : 3 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer oversize recordset object cache size exploit attempt
RuleID : 18280 - Revision : 15 - Type : BROWSER-IE
2014-01-10Microsoft Office SharePoint Server 2007 help.aspx denial of service attempt
RuleID : 16660 - Revision : 16 - Type : SERVER-WEBAPP
2014-01-10Microsoft Internet Explorer style sheet array memory corruption attempt
RuleID : 16659 - Revision : 17 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer 8 cross-site scripting attempt
RuleID : 16658 - Revision : 7 - Type : BROWSER-IE
2014-01-10Microsoft Internet Explorer security zone restriction bypass attempt
RuleID : 16637 - Revision : 12 - Type : BROWSER-IE
2014-01-10Microsoft Office SharePoint XSS attempt
RuleID : 16560 - Revision : 17 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

DateDescription
2010-07-01Name : An application running on the remote web server has a denial of service vulne...
File : sharepoint_help_dos.nasl - Type : ACT_DENIAL
2010-07-01Name : An application running on the remote web server has a cross-site scripting vu...
File : sharepoint_help_xss.nasl - Type : ACT_ATTACK
2010-06-09Name : Arbitrary code can be executed on the remote host through a web browser.
File : smb_nt_ms10-035.nasl - Type : ACT_GATHER_INFO
2010-06-09Name : The remote host has multiple vulnerabilities.
File : smb_nt_ms10-039.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/40409
CERT http://www.us-cert.gov/cas/techalerts/TA10-159B.html
CONFIRM http://support.avaya.com/css/P8/documents/100089747
MS https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10...
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10...
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/58866

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
DateInformations
2018-10-13 00:22:56
  • Multiple Updates
2018-09-20 12:08:19
  • Multiple Updates
2017-09-19 09:23:43
  • Multiple Updates
2017-08-17 09:22:58
  • Multiple Updates
2016-09-30 01:02:22
  • Multiple Updates
2016-08-31 12:02:06
  • Multiple Updates
2016-08-05 12:02:27
  • Multiple Updates
2016-06-29 00:12:06
  • Multiple Updates
2016-04-26 19:42:52
  • Multiple Updates
2014-02-17 10:54:38
  • Multiple Updates
2014-01-19 21:26:45
  • Multiple Updates
2013-11-11 12:38:43
  • Multiple Updates
2013-05-10 23:21:46
  • Multiple Updates