Межсайтовый скриптинг в Microsoft Office SharePoint, InfoPath и Groove

Дата публикации:
11.07.2012
Дата изменения:
11.07.2012
Всего просмотров:
1170
Опасность:
Низкая
Наличие исправления:
Да
Количество уязвимостей:
1
CVSSv2 рейтинг:
(AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:O/RC:C) = Base:4.3/Temporal:3.2
CVE ID:
CVE-2012-1858
Вектор эксплуатации:
Удаленная
Воздействие:
Межсайтовый скриптинг
CWE ID:
Нет данных
Наличие эксплоита:
Нет данных
Уязвимые продукты:
Microsoft Office SharePoint Server 2007
Microsoft Office Web Apps
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Server 2010
Microsoft Windows SharePoint Services 3.x
Microsoft Office InfoPath 2007
Microsoft InfoPath 2010
Microsoft Groove Server 2010
Уязвимые версии:
Microsoft Office SharePoint Server 2007
Microsoft Office SharePoint Server 2010
Microsoft InfoPath 2007
Microsoft Groove Server 2010
Microsoft Windows SharePoint Services 3.0
SharePoint Foundation 2010
Microsoft Office Web Apps 2010

Описание:
Уязвимость позволяет удаленному пользователю произвести XSS нападение.

Уязвимость существует из-за недостаточной обработки HTML строк. Удаленный пользователь может произвести XSS нападение и выполнить произвольный код сценария в контексте безопасности авторизованного пользователя. Подробное описание уязвимости:
http://www.securitylab.ru/vulnerability/425634.php #1

URL производителя: www.microsoft.com

Решение: Установите исправление с сайта производителя.

Microsoft InfoPath 2007 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=da8fa3b6-5d01-49e1-a1ce-e3f47ace102b

http://www.microsoft.com/downloads/details.aspx?familyid=a0c826bc-aef8-4833-8471-1824a405c59f

Microsoft InfoPath 2007 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=da8fa3b6-5d01-49e1-a1ce-e3f47ace102b

http://www.microsoft.com/downloads/details.aspx?familyid=a0c826bc-aef8-4833-8471-1824a405c59f

Microsoft InfoPath 2010 (32-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=698e6369-253b-4dbe-b6cd-7ea5ea09e043

http://www.microsoft.com/downloads/details.aspx?familyid=036b2482-0fb4-46f0-9c38-8bae6d0d669b

Microsoft InfoPath 2010 Service Pack 1 (32-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=698e6369-253b-4dbe-b6cd-7ea5ea09e043

http://www.microsoft.com/downloads/details.aspx?familyid=036b2482-0fb4-46f0-9c38-8bae6d0d669b

Microsoft InfoPath 2010 (64-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=3bf373aa-b4ad-4e1a-9578-800485ece148

http://www.microsoft.com/downloads/details.aspx?familyid=e24337cb-83b4-424f-bc4d-0d43437228a2

Microsoft InfoPath 2010 Service Pack 1 (64-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=3bf373aa-b4ad-4e1a-9578-800485ece148

http://www.microsoft.com/downloads/details.aspx?familyid=e24337cb-83b4-424f-bc4d-0d43437228a2

Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=4073d6e1-32f0-44a8-ae55-3c140ebc09d2

http://www.microsoft.com/downloads/details.aspx?familyid=d9091923-67c7-4535-b44c-40a5292a94d9

Microsoft Office SharePoint Server 2007 Service Pack 3 (32-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=4073d6e1-32f0-44a8-ae55-3c140ebc09d2

http://www.microsoft.com/downloads/details.aspx?familyid=d9091923-67c7-4535-b44c-40a5292a94d9

Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=b1acb373-0041-4883-8834-90a72ac04c91

http://www.microsoft.com/downloads/details.aspx?familyid=723a5553-8610-49bf-99c0-bd94926bdc0b

Microsoft Office SharePoint Server 2007 Service Pack 3 (64-bit editions):

http://www.microsoft.com/downloads/details.aspx?familyid=b1acb373-0041-4883-8834-90a72ac04c91

http://www.microsoft.com/downloads/details.aspx?familyid=723a5553-8610-49bf-99c0-bd94926bdc0b

Microsoft SharePoint Server 2010:

http://www.microsoft.com/downloads/details.aspx?familyid=59cbb3d0-4ba5-4f89-b54c-ae9aa2aa3b41

http://www.microsoft.com/downloads/details.aspx?familyid=8a853489-a3ec-4be2-8093-6a992f9c8368

Microsoft SharePoint Server 2010 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=59cbb3d0-4ba5-4f89-b54c-ae9aa2aa3b41

http://www.microsoft.com/downloads/details.aspx?familyid=8a853489-a3ec-4be2-8093-6a992f9c8368

Microsoft Groove Server 2010:

http://www.microsoft.com/downloads/details.aspx?FamilyId=e2346078-fc93-4355-bc83-0d0dc1cd4b2f

Microsoft Groove Server 2010 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=e2346078-fc93-4355-bc83-0d0dc1cd4b2f

Microsoft Windows SharePoint Services 3.0 Service Pack 2 (32-bit version):

http://www.microsoft.com/downloads/details.aspx?familyid=61b9f234-3d9c-41d4-854d-30ca5e6fd2a6

Microsoft Windows SharePoint Services 3.0 Service Pack 2 (64-bit version):

http://www.microsoft.com/downloads/details.aspx?familyid=24265175-635f-4846-afcc-f692d4710707

Microsoft SharePoint Foundation 2010:

http://www.microsoft.com/downloads/details.aspx?familyid=4d610646-a0bd-492c-9077-fb2c92588c14

Microsoft SharePoint Foundation 2010 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=4d610646-a0bd-492c-9077-fb2c92588c14

Microsoft Office Web Apps 2010:

http://www.microsoft.com/downloads/details.aspx?familyid=f2d1c371-d617-4792-966e-14ae9ed6b8a1

Microsoft Office Web Apps 2010 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=f2d1c371-d617-4792-966e-14ae9ed6b8a1


Ссылки: MS12-050: Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)
или введите имя

CAPTCHA