| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS12-050 | Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502) | Microsoft InfoPath | Important | 11-07-2012 |
Technical Information
Brief overview of the risk:
This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes the user to a targeted SharePoint site.
Detailed Information on the risk:
A cross-site scripting vulnerability exists in SharePoint allows attacker-controlled JavaScript to run in the context of the user clicking a link. This is an elevation of privilege vulnerability as it allows an anonymous attacker to potentially issue SharePoint commands in the context of an authenticated user.
Further information on this exploit is available at : MS12-050
Affected Software
Microsoft InfoPath 2007 Service Pack 2Microsoft InfoPath 2007 Service Pack 3
Microsoft InfoPath 2010 (32-bit editions)
Microsoft InfoPath 2010 Service Pack 1 (32-bit editions)
Microsoft InfoPath 2010 (64-bit editions)
Microsoft InfoPath 2010 Service Pack 1 (64-bit editions)
Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit editions)
Microsoft Office SharePoint Server 2007 Service Pack 3 (32-bit editions)
Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit editions)
Microsoft Office SharePoint Server 2007 Service Pack 3 (64-bit editions)
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2010 Service Pack 1
Microsoft Groove Server 2010
Microsoft Groove Server 2010 Service Pack 1
Microsoft Windows SharePoint Services 3.0 Service Pack 2 (32-bit version)
Microsoft Windows SharePoint Services 3.0 Service Pack 2 (64-bit version)
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Foundation 2010 Service Pack 1
Microsoft Office Web Apps 2010
Microsoft Office Web Apps 2010 Service Pack 1