Summary
This host is missing an important security update according to Microsoft Bulletin MS12-011.
Impact
Successful exploitation will allow attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
Impact Level: Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-011
Insight
Input passed to 'inplview.aspx', 'themeweb.aspx' and 'skey' parameter in 'wizardlist.aspx' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Affected
Microsoft SharePoint Server 2010 Service Pack 1 and prior Microsoft SharePoint Foundation 2010 Service Pack 1 and prior
References
Severity
Classification
-
CVE CVE-2012-0017, CVE-2012-0144, CVE-2012-0145 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Microsoft Kerberos Denial of Service Vulnerability (977290)
- Microsoft VS Team Foundation Server SignalR XSS Vulnerability (2905244)
- Microsoft Window XML Core Services Information Disclosure Vulnerability (2966061)
- Microsoft Windows IIS FTP Service Information Disclosure Vulnerability (2761226)
- Microsoft Windows Kernel Information Disclosure Vulnerability (2839229)