| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS10-038 | Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452) | Microsoft Office | Critical | 09-06-2010 |
Technical Information
Brief overview of the risk:
This security update resolves one publicly disclosed and two privately reported vulnerabilities in Microsoft SharePoint. The most severe vulnerability could allow elevation of privilege if an attacker convinced a user of a targeted SharePoint site to click on a specially crafted link.
Detailed Information on the risk:
A cross-site scripting and spoofing vulnerability exists in Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007 that could allow an attacker to convince a user to run a malicious script. An attacker who successfully exploited the vulnerability could modify Web browser caches and intermediate proxy server caches. Additionally, an attacker could put spoofed content into those caches. An attacker may also be able to exploit the vulnerability to perform cross-site scripting attacks.
Further information on this exploit is available at : MS10-039
Affected Software
Microsoft Office InfoPath 2003 Service Pack 3Microsoft Office InfoPath 2007 Service Pack 1
Microsoft Office InfoPath 2007 Service Pack 2
Microsoft Office SharePoint Server 2007 Service Pack 1 (32-bit editions)
Microsoft Office SharePoint Server 2007 Service Pack 1 (64-bit editions)
Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit editions)
Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit editions)
Microsoft Windows SharePoint Services 3.0 Service Pack 1 (32-bit version)
Microsoft Windows SharePoint Services 3.0 Service Pack 1 (64-bit version)
Microsoft Windows SharePoint Services 3.0 Service Pack 2 (32-bit version)
Microsoft Windows SharePoint Services 3.0 Service Pack 2 (64-bit version)