PROBLEM:
Several vulnerabilities were reported in Microsoft SharePoint
PLATFORM:
Microsoft SharePoint 2010 SP1
ABSTRACT:
This security update resolves four reported vulnerabilities in Microsoft SharePoint and Microsoft SharePoint Foundation.
REFERENCE LINKS:
Security Tracker Alert ID 1028278
MS Security Bulletin MS13-024
CVE-2013-0083
CVE-2013-0084
CVE-2013-0085
IMPACT ASSESSMENT:
High
DISCUSSION:
The security update addresses the vulnerabilities correcting the way that Microsoft SharePoint Server validates URLs and user input.
IMPACT:
A remote user can cause denial of service conditions
A remote user can conduct cross-site scripting attacks.
SOLUTION:
The vendor recommends updating to latest patches:
Microsoft SharePoint Server 2010 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=a9e8acbd-90e5-4...