|MS13-035||Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818)||Microsoft Groove||Important||10-04-2013|
Brief overview of the risk:
This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow elevation of privilege if an attacker sends specially crafted content to a user.
Detailed Information on the risk:
An elevation of privilege vulnerability exists in the way that HTML strings are sanitized. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks on affected systems and run script in the security context of the current user.
Further information on this exploit is available at : MS13-035
Affected SoftwareMicrosoft Groove Server 2010 Service Pack 1
Microsoft InfoPath 2010 Service Pack 1 (32-bit editions)
Microsoft InfoPath 2010 Service Pack 1 (64-bit editions)
Microsoft SharePoint Server 2010 Service Pack 1
Microsoft Office Web Apps 2010 Service Pack 1