| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS13-035 | Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818) | Microsoft Groove | Important | 10-04-2013 |
Technical Information
Brief overview of the risk:
This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow elevation of privilege if an attacker sends specially crafted content to a user.
Detailed Information on the risk:
An elevation of privilege vulnerability exists in the way that HTML strings are sanitized. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks on affected systems and run script in the security context of the current user.
Further information on this exploit is available at : MS13-035
Affected Software
Microsoft Groove Server 2010 Service Pack 1Microsoft InfoPath 2010 Service Pack 1 (32-bit editions)
Microsoft InfoPath 2010 Service Pack 1 (64-bit editions)
Microsoft SharePoint Server 2010 Service Pack 1
Microsoft Office Web Apps 2010 Service Pack 1