-
Moderator
Vulnerability in Microsoft SharePoint Could Allow Elevation of Privilege (983438)
Microsoft Security Advisory (983438)
Vulnerability in Microsoft SharePoint Could Allow Elevation of Privilege
Revisions - 1.0 (April 29, 2010): Advisory published.
Microsoft is investigating new public reports of a possible vulnerability in Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007. The vulnerability could allow an attacker to run arbitrary script that could result in elevation of privilege within the SharePoint site, as opposed to elevation of privilege within the workstation or server environment...
Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
Mitigating Factors
"Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of this issue. The following mitigating factors may be helpful in your situation:
• An attacker can cause arbitrary JavaScript to be run by the user clicking the specially crafted URL, but the attacker would not be able to steal the logged-on user's authentication credentials due to the way SharePoint Server handles the HttpOnly authentication cookie.
• The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must click on a URL that is sent in an e-mail message.
• Internet Explorer 8 users browsing to a SharePoint site in the Internet Zone are at a reduced risk because, by default, the XSS Filter in Internet Explorer 8 prevents this attack in the Internet Zone. The Internet Explorer 8 XSS Filter, however, is not enabled by default in the Intranet Zone."
http://www.microsoft.com/technet/security/advisory/983438.mspx
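The first mitigating factor above depends on the authentication cookie carrying the HttpOnly attribute, which keeps page script from reading it. As an added example (not part of the original post or the Microsoft advisory), this Python check lists which cookies in captured Set-Cookie response headers lack HttpOnly; the header values and cookie names are constructed for illustration.

```python
# Added example: audit Set-Cookie response headers for the HttpOnly attribute.
# Cookie names and header values below are constructed, not SharePoint output.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie name, lower-cased attribute dict)."""
    parts = [p.strip() for p in header_value.split(";")]
    # Only the first '=' separates name from value; the value may contain '='.
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive (HttpOnly, httponly, HTTPONLY).
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def script_readable_cookies(set_cookie_headers):
    """Return names of cookies that page script can read (no HttpOnly flag)."""
    exposed = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if name and "httponly" not in attrs:
            exposed.append(name)
    return exposed


def unprotected_auth_cookies(set_cookie_headers, auth_cookie_names):
    """Return the authentication cookies that were set without HttpOnly."""
    exposed = script_readable_cookies(set_cookie_headers)
    return [name for name in exposed if name in auth_cookie_names]


# Constructed sample: Set-Cookie values as they might be copied from a response.
SAMPLE_HEADERS = [
    "AuthTicket=abc123; path=/; HttpOnly",
    "SiteTheme=blue; path=/",
    "Session=xyz; Path=/; Secure; httponly",
    "Prefs=lang=en; Expires=Wed, 05 May 2010 10:00:00 GMT",
]

if __name__ == "__main__":
    print("Readable by script:", script_readable_cookies(SAMPLE_HEADERS))
    print("Auth cookies missing HttpOnly:",
          unprotected_auth_cookies(SAMPLE_HEADERS, {"AuthTicket", "Session"}))
```

An empty result for the authentication cookies matches the condition the advisory relies on; HttpOnly protects the cookie value only and does not stop injected script from running in the user's session.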
-
Experienced User
MS Sharepoint cross-site scripting attacks
Microsoft recently warned users of a new flaw in SharePoint Server 2007 and SharePoint Services 3.0 which could allow a cross-site scripting attack.
Though there have been no reports of attacks targeting the vulnerability, administrators are still advised to apply an access control list.
Read more here
I'm the Beauty and you are the Beast.
-
Moderator
thank you grr
http://forum.raymond.cc/security-bulletin/19763-vulnerability-in-microsoft-sharepoint-could-allow-elevation-of-privilege-983438-a.html
@ moderators: can you please merge/move this thread?