Microsoft SharePoint SafeHTML Information Disclosure Vulnerabilities (2412048) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS10-072.

Impact

Successful exploitation could allow remote attackers to gain sensitie information via a specially crafted script using SafeHTML. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/MS10-072

Insight

Multiple flaws are due to the way SafeHTML function sanitizes HTML content.

Affected

Microsoft Office SharePoint Server 2007 Service Pack 2 Microsoft Windows SharePoint Services 3.0 Service Pack 2

References

http://support.microsoft.com/kb/2412048
http://technet.microsoft.com/en-us/security/bulletin/MS10-072

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3243, CVE-2010-3324

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Microsoft Outlook Information Disclosure Vulnerability (2894514)
Microsoft Kerberos Denial of Service Vulnerability (977290)
Microsoft Windows Media Center Remote Code Execution Vulnerability (2978742)
Microsoft Windows LSASS Denial of Service Vulnerability (975467)
Microsoft Active Directory Federation Services Information Disclosure Vulnerability (2873872)

Take action and discover your vulnerabilities