Microsoft SharePoint SafeHTML Information Disclosure Vulnerabilities (2412048) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS10-072.

Impact

Successful exploitation could allow remote attackers to gain sensitie information via a specially crafted script using SafeHTML. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/MS10-072

Insight

Multiple flaws are due to the way SafeHTML function sanitizes HTML content.

Affected

Microsoft Office SharePoint Server 2007 Service Pack 2 Microsoft Windows SharePoint Services 3.0 Service Pack 2

References

http://support.microsoft.com/kb/2412048
http://technet.microsoft.com/en-us/security/bulletin/MS10-072

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3243, CVE-2010-3324

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Microsoft Security Bulletin MS06-056
Microsoft ASP.NET Information Disclosure Vulnerability (2418042)
Microsoft Exchange and Windows SMTP Service Denial of Service Vulnerability (981832)
Microsoft .NET Framework Denial of Service Vulnerability (2990931)
Microsoft Windows Active Directory Denial of Service Vulnerability (2830914)

Take action and discover your vulnerabilities