Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Microsoft SharePoint
Опубликовано:9 июня 2010 г.
Источник:
SecurityVulns ID:10915
Тип:удаленная
Уровень опасности:
6/10
Описание:Межсайтовый сркиптинг, утечка информации, отказ в обслуживании.
Затронутые продукты:MICROSOFT : SharePoint Server 2007
 MICROSOFT : InfoPath 2003
 MICROSOFT : InfoPath 2007
 MICROSOFT : SharePoint Services 3.0
CVE:CVE-2010-1264 (Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeated restarts of the application pool, aka "Sharepoint Help Page Denial of Service Vulnerability.")
 CVE-2010-1257 (Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.)
 CVE-2010-0817 (Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.)
Оригинальный текстdocumentMICROSOFT, Microsoft Security Bulletin MS10-039 - Important Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554) (09.06.2010)
Файлы:Microsoft Security Bulletin MS10-039 - Important Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород