Advertisements

 Microsoft Windows SharePoint Services / Office SharePoint Server XSS

Friday, 12 October 2007

Vendor: Microsoft

Description:

A vulnerability has been reported in Microsoft SharePoint Services and Office SharePoint Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the URL is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution:
Apply updates.

Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/de...=76FC2225-2802-46E5-A294-A842E3841877

Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=667335DD-DF2E-4F14-A130-5758701BE055

Microsoft Office SharePoint Server 2007:
http://www.microsoft.com/downloads/de...=AAEA9695-F541-4C4C-9107-81EAD5CFC8C9

Microsoft Office SharePoint Server 2007 x64 Edition:
http://www.microsoft.com/downloads/de...=1D319164-D133-4493-BE27-1AEDA62362C4

Provided and/or discovered by:
Solarius

Original Advisories:
MS07-059 (KB942017):
http://www.microsoft.com/technet/security/Bulletin/MS07-059.mspx

Secunia:
http://secunia.com/advisories/27148/



Share this content:
        
Advertisements
Home | News | Articles | Advisories | Submit | Alerts | Links | What is XSS | About | Contact | Some Rights Reserved.