| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS12-011 | Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841) | Microsoft SharePoint | Important | 15-02-2012 |
Technical Information
Brief overview of the risk:
This security update resolves three privately reported vulnerabilities in Microsoft SharePoint and Microsoft SharePoint Foundation. These vulnerabilities could allow elevation of privilege or information disclosure if a user clicked a specially crafted URL.
Detailed Information on the risk:
A cross-site scripting vulnerability exists in Microsoft SharePoint 2010 that could result in information disclosure or elevation of privilege if a user clicks a specially crafted URL containing malicious JavaScript elements. Due to the vulnerability, when the malicious JavaScript is echoed back to the user’s browser, the resulting page could allow an attacker to issue SharePoint commands in the context of the authenticated user on the targeted SharePoint site.
Further information on this exploit is available at : MS12-011
Affected Software
Microsoft SharePoint Server (Microsoft SharePoint Server 2010 and Microsoft SharePoint Server 2010 Service Pack 1)Microsoft SharePoint Foundation (Microsoft SharePoint Foundation 2010 and Microsoft SharePoint Foundation 2010 Service Pack 1)