| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS11-074 | Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858) | Microsoft Office | Critical | 14-09-2011 |
Technical Information
Brief overview of the risk:
This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicked on a specially crafted URL or visited a specially crafted Web site.
Detailed Information on the risk:
A cross-site scripting, information disclosure, and elevation of privilege vulnerability exists in Microsoft SharePoint Server and Windows SharePoint Services where JavaScript that is encoded in a specially crafted URL can be reflected back to the user in the resulting page, allowing an attacker to issue SharePoint commands in the context of the authenticated user on a targeted SharePoint site.
Further information on this exploit is available at : MS11-074
Affected Software
Microsoft Office Groove 2007 Service Pack 2Microsoft SharePoint Workspace 2010 and Microsoft SharePoint Workspace 2010 Service Pack 1 (32-bit editions)
Microsoft SharePoint Workspace 2010 and Microsoft SharePoint Workspace 2010 Service Pack 1 (64-bit editions)