MS12-050 Vulnerabilities in SharePoint Could Allow Elevation of Privilege
2012-07-10 This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes the user to a targeted SharePoint site.
Vulnerabilities addressed in this bulletin:
Bulletin details at Microsoft.com
Vulnerabilities addressed in this bulletin:
- HTML Sanitization Vulnerability
- An information disclosure vulnerability exists in the way that HTML strings are sanitized. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks and run script in the security context of the logged-on user.
CVE-2012-1858 - XSS scriptresx.ashx Vulnerability
- A cross-site scripting and elevation of privilege vulnerability exists in SharePoint allows attacker-controlled JavaScript to run in the context of the user clicking a link. This is an elevation of privilege vulnerability as it allows an anonymous attacker to potentially issue SharePoint commands in the context of an authenticated user on the site.
CVE-2012-1859 - SharePoint Search Scope Vulnerability
- An information disclosure vulnerability exists in the way that SharePoint stores search scopes. An attacker could view or tamper with other users' search scopes.
CVE-2012-1860 - SharePoint Script in Username Vulnerability
- A cross-site scripting vulnerability exists in SharePoint allows attacker-controlled JavaScript to run in the context of the user clicking a link. This is an elevation of privilege vulnerability as it allows an anonymous attacker to potentially issue SharePoint commands in the context of an authenticated user.
CVE-2012-1861 - SharePoint URL Redirection Vulnerability
- A URL redirection vulnerability, which could lead to spoofing and information disclosure, exists in SharePoint which could allow an attacker to redirect a user to an external URL.
CVE-2012-1862 - SharePoint Reflected List Parameter Vulnerability
- A cross-site scripting vulnerability exists in SharePoint allows attacker-controlled JavaScript to run in the context of the user clicking a link. This is an elevation of privilege vulnerability as it allows an anonymous attacker to potentially issue SharePoint commands in the context of an authenticated user.
CVE-2012-1863
Bulletin details at Microsoft.com
Related CVE Entries
Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
Max CVSS
4.3
EPSS Score
83.66%
Published
2012-07-10
Updated
2018-10-12
Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
Max CVSS
5.5
EPSS Score
0.18%
Published
2012-07-10
Updated
2018-10-12
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
Max CVSS
4.3
EPSS Score
83.66%
Published
2012-07-10
Updated
2018-10-12
Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
Max CVSS
6.8
EPSS Score
0.87%
Published
2012-07-10
Updated
2018-10-12
Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
Max CVSS
4.3
EPSS Score
83.66%
Published
2012-07-10
Updated
2018-10-12
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
Max CVSS
4.3
EPSS Score
96.43%
Published
2012-06-12
Updated
2023-12-07