MS10-039 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
Important - Elevation of Privilege This security update resolves one publicly disclosed and two privately reported vulnerabilities in Microsoft SharePoint. The most severe vulnerability could allow elevation of privilege if an attacker convinced a user of a targeted SharePoint site to click on a specially crafted link.
Bulletin details at Microsoft.com
Bulletin details at Microsoft.com
Related CVE Entries
Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
Max CVSS
4.3
EPSS Score
85.88%
Published
2010-04-29
Updated
2018-10-12
Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.
Max CVSS
4.3
EPSS Score
83.37%
Published
2010-06-08
Updated
2023-12-07
Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeated restarts of the application pool, aka "Sharepoint Help Page Denial of Service Vulnerability."
Max CVSS
4.0
EPSS Score
96.85%
Published
2010-06-08
Updated
2018-10-12