| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS10-072 | Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048) | Microsoft Office | Critical | 13-10-2010 |
Technical Information
Brief overview of the risk:
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft SharePoint and Windows SharePoint Services.
Detailed Information on the risk:
An information disclosure vulnerability exists in the way that HTML is filtered that could allow an attacker to perform cross-site scripting attacks and run script in the security context of the logged-on user.
Further information on this exploit is available at : MS10-072
Affected Software
Microsoft Office SharePoint Server 2007 Service Pack 2Microsoft Windows SharePoint Services 3.0 Service Pack 2