Summary
This host is missing a critical security update according to Microsoft Bulletin MS10-039.
Impact
Successful exploitation could allow attackers to gain knowledge of sensitive information or cause a denial of service.
Impact Level: System/Application
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory at the following link: http://www.microsoft.com/technet/security/bulletin/ms10-039.mspx
Insight
The flaws are due to:
- An error within the 'help.aspx' page, which could allow cross-site scripting attacks.
- An error in the way that the 'toStaticHTML' API sanitizes HTML on a SharePoint site, which could allow cross-site scripting attacks.
- An error when handling specially crafted requests sent to the Help page, which could allow attackers to cause a denial of service.
Affected
Microsoft Office InfoPath 2003 Service Pack 3
Microsoft Office InfoPath 2007 Service Pack 1/2
Microsoft Office SharePoint Server 2007 Service Pack 2
Microsoft Windows SharePoint Services 3.0 Service Pack 1/2
References
Severity
Classification
- CVE: CVE-2010-1257, CVE-2010-1264
- CVSS Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Related Vulnerabilities
- Microsoft Windows Local Procedure Call Local Privilege Escalation Vulnerability (2898715)
- Microsoft OneNote Information Disclosure Vulnerability (2816264)
- Microsoft .NET Framework Security Bypass Vulnerability (2984625)
- Microsoft Office Information Disclosure Vulnerability (2909976)
- Microsoft Windows DirectWrite Denial of Service Vulnerability (2665364)