V-112: Microsoft SharePoint Input Validation Flaws Permit Cross-Site Scripting and Denial of Service Attacks

March 15, 2013 - 6:00am

PROBLEM:

Several vulnerabilities were reported in Microsoft SharePoint.

PLATFORM:

Microsoft SharePoint 2010 SP1

ABSTRACT:

This security update resolves four reported vulnerabilities in Microsoft SharePoint and Microsoft SharePoint Foundation.

REFERENCE LINKS:

Security Tracker Alert ID 1028278
MS Security Bulletin MS13-024

CVE-2013-0080
CVE-2013-0083
CVE-2013-0084
CVE-2013-0085

IMPACT ASSESSMENT:

High

DISCUSSION:

The security update addresses the vulnerabilities by correcting the way that Microsoft SharePoint Server validates URLs and user input.

IMPACT:

A remote user can cause denial of service conditions.
A remote user can conduct cross-site scripting attacks.

SOLUTION:

The vendor recommends updating to the latest patches:

Microsoft SharePoint Server 2010 Service Pack 1

http://www.microsoft.com/downloads/details.aspx?familyid=a9e8acbd-90e5-4...

Microsoft SharePoint Foundation 2010 Service Pack 1
