|MS10-072||Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048)||Microsoft Office||Critical||13-10-2010|
Brief overview of the risk:
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft SharePoint and Windows SharePoint Services.
Detailed Information on the risk:
An information disclosure vulnerability exists in the way that HTML is filtered that could allow an attacker to perform cross-site scripting attacks and run script in the security context of the logged-on user.
Further information on this exploit is available at : MS10-072
Affected SoftwareMicrosoft Office SharePoint Server 2007 Service Pack 2
Microsoft Windows SharePoint Services 3.0 Service Pack 2