Release date:
Updated on:
Affected Systems:
Microsoft SharePoint Foundation 2010 SP1
Microsoft SharePoint Foundation 2010
Microsoft infopath2010
Microsoft InfoPath 2007 SP2
Microsoft infopath2007
Description:
--------------------------------------------------------------------------------
Bugtraq id: 54316
Cve id: CVE-2012-1863
SharePoint Server is a Server function integration suite that provides comprehensive Content Management and Enterprise Search, accelerating shared business processes and simplifying cross-border information sharing.
The cross-site scripting vulnerability exists in SharePoint implementation, which can cause users to run JS or publish SharePoint commands after clicking a malicious link.
<* Source: Microsoft
Link: http://secunia.com/advisories/49875/
Http://www.microsoft.com/technet/security/bulletin/MS12-050.asp
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Microsoft
---------
Microsoft has released a Security Bulletin (MS12-050) and patches for this:
MS12-050: Vulnerabilities in SharePoint cocould Allow Elevation of Privilege (2695502)
Link: http://www.microsoft.com/technet/security/bulletin/MS12-050.asp