Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554) |
Informations | |||
---|---|---|---|
Name | MS10-039 | First vendor Publication | 2010-06-08 |
Vendor | Microsoft | Last vendor Modification | 2010-06-08 |
Severity (Vendor) | Important | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.0 (June 8, 2010): Bulletin published.Summary: This security update resolves one publicly disclosed and two privately reported vulnerabilities in Microsoft SharePoint. The most severe vulnerability could allow elevation of privilege if an attacker convinced a user of a targeted SharePoint site to click on a specially crafted link. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS10-039.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6677 | |||
Oval ID: | oval:org.mitre.oval:def:6677 | ||
Title: | toStaticHTML Information Disclosure Vulnerability | ||
Description: | Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-1257 | Version: | 19 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 8 Microsoft Office InfoPath 2003 Microsoft Office InfoPath 2007 Microsoft Office SharePoint Server 2007 Microsoft Windows SharePoint Services 3.0 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7241 | |||
Oval ID: | oval:org.mitre.oval:def:7241 | ||
Title: | Sharepoint Help Page Denial of Service Vulnerability | ||
Description: | Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeated restarts of the application pool, aka "Sharepoint Help Page Denial of Service Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-1264 | Version: | 7 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Microsoft Windows SharePoint Services 3.0 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7468 | |||
Oval ID: | oval:org.mitre.oval:def:7468 | ||
Title: | Help.aspx XSS Vulnerability | ||
Description: | Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0817 | Version: | 7 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Microsoft Windows SharePoint Services 3.0 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 | |
Application | 5 | |
Application | 4 |
OpenVAS Exploits
Date | Description |
---|---|
2011-09-14 | Name : Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vu... File : nvt/gb_sharepoint_39776.nasl |
2010-06-09 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (982381) File : nvt/secpod_ms10-035.nasl |
2010-06-09 | Name : Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554) File : nvt/secpod_ms10-039.nasl |
2010-05-04 | Name : Microsoft SharePoint '_layouts/help.aspx' Cross Site Scripting Vulnerability File : nvt/secpod_ms_sharepoint_layouts_xss_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
65220 | Microsoft SharePoint Crafted Request Help Page Invocation Remote DoS Microsoft SharePoint contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker uses crafted requests to the Help page (help.aspx) via the 'tid' parameter to cause the application pool to repeatedly restart, which will result in a loss of availability. |
65211 | Microsoft IE / Sharepoint toStaticHTML Information Disclosure Microsoft Internet Explorer and Sharepoint contain a flaw that may lead to an unspecified unauthorized information disclosure. This issue is triggered when the 'toStaticHTML()' method fails to properly sanitise HTML code. This may allow a remote attacker to conduct cross-site scripting attacks. |
64170 | Microsoft SharePoint Server _layouts/help.aspx cid0 Parameter XSS |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-06-10 | IAVM : 2010-A-0079 - Multiple Vulnerabilities in Microsoft Office SharePoint Severity : Category II - VMSKEY : V0024377 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Office SharePoint Server 2007 help.aspx denial of service attempt RuleID : 16660 - Revision : 16 - Type : SERVER-WEBAPP |
2014-01-10 | Microsoft Internet Explorer 8 cross-site scripting attempt RuleID : 16658 - Revision : 7 - Type : BROWSER-IE |
2014-01-10 | Microsoft Office SharePoint XSS attempt RuleID : 16560 - Revision : 17 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-07-01 | Name : An application running on the remote web server has a denial of service vulne... File : sharepoint_help_dos.nasl - Type : ACT_DENIAL |
2010-07-01 | Name : An application running on the remote web server has a cross-site scripting vu... File : sharepoint_help_xss.nasl - Type : ACT_ATTACK |
2010-06-09 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms10-035.nasl - Type : ACT_GATHER_INFO |
2010-06-09 | Name : The remote host has multiple vulnerabilities. File : smb_nt_ms10-039.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-04-26 23:00:01 |
|
2014-02-17 11:46:35 |
|
2014-02-12 21:20:56 |
|
2014-01-19 21:30:29 |
|
2013-11-11 12:41:17 |
|