<< Back
CVE Number Vulnerability Product Severity Date
MS10-072 Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048) Microsoft Office Critical 13-10-2010

Technical Information

Brief overview of the risk:
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft SharePoint and Windows SharePoint Services.
Detailed Information on the risk:

An information disclosure vulnerability exists in the way that HTML is filtered that could allow an attacker to perform cross-site scripting attacks and run script in the security context of the logged-on user.

Further information on this exploit is available at : MS10-072

Affected Software

Microsoft Office SharePoint Server 2007 Service Pack 2
Microsoft Windows SharePoint Services 3.0 Service Pack 2