#VU3049 Cross-site scripting in Microsoft products - CVE-2010-1257

Cybersecurity Help s.r.o.

Published: 2016-12-30

Vulnerability identifier: #VU3049

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2010-1257

CWE-ID: CWE-79

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Microsoft Windows SharePoint Services
Web applications / Other software
Microsoft Office InfoPath
Client/Desktop applications / Office applications
Microsoft SharePoint Server
Server applications / Application servers

Vendor: Microsoft

Description

The vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability exists due to insufficient sanitization of user-supplied input data within SharePoint toStaticHTML API. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in victim’s browser in context of vulnerable SharePoint website.

Successful exploitation may allow an attacker to conduct phishing and drive-by-download attacks and obtain potentially sensitive information.

Mitigation
Install updates from vendor's website:

Microsoft Office InfoPath 2003 Service Pack 3
https://www.microsoft.com/downloads/details.aspx?familyid=4f79d376-0ea2-4218-9200-3c34c83ba336

Microsoft Office InfoPath 2007 Service Pack 1 and Microsoft Office InfoPath 2007 Service Pack 2
https://www.microsoft.com/downloads/details.aspx?familyid=bfa8765a-7970-4feb-996c-7c27d71c97c6

Microsoft Office SharePoint Server 2007 Service Pack 1 and Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit editions)
https://www.microsoft.com/downloads/details.aspx?familyid=52a55423-f33b-4cd1-919d-806972a553df

Microsoft Office SharePoint Server 2007 Service Pack 1 and Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit editions)
https://www.microsoft.com/downloads/details.aspx?familyid=52a55423-f33b-4cd1-919d-806972a553df

Microsoft Windows SharePoint Services 3.0 Service Pack 1 and Microsoft Windows SharePoint Services 3.0 Service Pack 2 (32-bit versions)
https://www.microsoft.com/downloads/details.aspx?familyid=3841ceda-d0af-4e5e-8a1a-7dd954850783

Microsoft Windows SharePoint Services 3.0 Service Pack 1 and Microsoft Windows SharePoint Services 3.0 Service Pack 2 (64-bit versions)
https://www.microsoft.com/downloads/details.aspx?familyid=94bc76d4-78e4-4bda-8922-36c3a9d3854f

Vulnerable software versions

Microsoft Windows SharePoint Services: 3.0 SP1

Microsoft Office InfoPath: 2003 - 2007

Microsoft SharePoint Server: 2007

External links
https://technet.microsoft.com/en-us/library/security/ms10-039.aspx

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Microsoft SharePoint