<< Back
CVE Number Vulnerability Product Severity Date
MS12-011 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841) Microsoft SharePoint Important 15-02-2012

Technical Information

Brief overview of the risk:
This security update resolves three privately reported vulnerabilities in Microsoft SharePoint and Microsoft SharePoint Foundation. These vulnerabilities could allow elevation of privilege or information disclosure if a user clicked a specially crafted URL.
Detailed Information on the risk:

A cross-site scripting vulnerability exists in Microsoft SharePoint 2010 that could result in information disclosure or elevation of privilege if a user clicks a specially crafted URL containing malicious JavaScript elements. Due to the vulnerability, when the malicious JavaScript is echoed back to the user’s browser, the resulting page could allow an attacker to issue SharePoint commands in the context of the authenticated user on the targeted SharePoint site.

Further information on this exploit is available at : MS12-011

Affected Software

Microsoft SharePoint Server (Microsoft SharePoint Server 2010 and Microsoft SharePoint Server 2010 Service Pack 1)
Microsoft SharePoint Foundation (Microsoft SharePoint Foundation 2010 and Microsoft SharePoint Foundation 2010 Service Pack 1)