Vulnerability Bulletins |
Cross-site scripting en Microsoft SharePoint Server 2007 |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Aumento de la visibilidad |
| Dificulty | Avanzado |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft SharePoint Services 3.0 Microsoft Office InfoPath 2003 Microsoft Office InfoPath 2007 Microsoft Office SharePoint Server 2007 |
Description |
|
|
Se ha descubierto una vulnerabilidad de tipo Cross-site scripting en Microsoft SharePoint Server 2007 12.0.0.6421 y posiblemente en versiones anteirores. La vulnerabilidad reside en un error en "_layouts/help.aspx". Un atacante remoto podría conseguir una elevación de privilegios inyectando código web script o html arbitrario por medio del parámetro "cid0". Este boletín sustituye a MS08-077. |
|
Solution |
|
|
Actualización de software Microsoft (MS10-039) Microsoft Office InfoPath 2003 SP3 / patch office2003-KB980923-FullFile-ENU Microsoft Office InfoPath 2007 SP1 and Microsoft Office InfoPath 2007 SP2 / patch office-kb979441-fullfile-x86-glb Microsoft Office SharePoint Server 2007 SP1 (32-bit) / patch office-kb979445-fullfile-x86-glb Microsoft Office SharePoint Server 2007 SP2 (32-bit) / patch office-kb979445-fullfile-x86-glb Microsoft Office SharePoint Server 2007 SP1 (64-bit) / patch office-kb979445-fullfile-x64-glb Microsoft Office SharePoint Server 2007 SP2 (64-bit) / patch office-kb979445-fullfile-x64-glb Microsoft Windows SharePoint Services 3.0 SP1 y SP2 (32-bit versions) / patch wss-kb983444-fullfile-x86-glb Microsoft Windows SharePoint Services 3.0 SP1 y SP2 (64-bit versions) / patch wss-kb983444-fullfile-x64-glb http://www.microsoft.com/downloads |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2010-0817 |
| BID | |
Other resources |
|
|
Microsoft Security Advisory (983438) http://www.microsoft.com/technet/security/advisory/983438.mspx Microsoft Security Bulletin (MS10-039) http://www.microsoft.com/technet/security/bulletin/MS10-039.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido por Microsoft (983438) | 2010-05-10 |
| 1.1 | Aviso emitido por Microsoft (MS10-039) | 2010-06-09 |