Microsoft SharePoint Input Validation Flaws Permit Cross-Site Scripting, Information Disclosure, and URL Redirection Attacks

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Affiliates

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Partners

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > Microsoft SharePoint

Vendors: Microsoft

Microsoft SharePoint Input Validation Flaws Permit Cross-Site Scripting, Information Disclosure, and URL Redirection Attacks

SecurityTracker Alert ID: 1027232

SecurityTracker URL: http://securitytracker.com/id/1027232

CVE Reference: CVE-2012-1858, CVE-2012-1859, CVE-2012-1860, CVE-2012-1861, CVE-2012-1862, CVE-2012-1863 (Links to External Site)

Date: Jul 10 2012

Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 2007 SP2, 2007 SP3, 2010, 2010 SP1

Description: Several vulnerabilities were reported in Microsoft SharePoint. A remote user can conduct cross-site scripting attacks. A remote user can obtain potentially sensitive information. A remote user can conduct URL redirection attacks.

HTML strings are not properly filtered [CVE-2012-1858]. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Microsoft SharePoint software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Adi Cohen of IBM Security Systems - Application Security reported this vulnerability.

The 'scriptresx.ashx' script does not properly filter HTML from user-supplied input [CVE-2012-1859]. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Microsoft SharePoint software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

The software does not properly validate search scope permissions [CVE-2012-1860]. A user can view and modify other users' search scopes.

The software does not properly validate user-supplied input in the 'username' [CVE-2012-1861]. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Microsoft SharePoint software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Yang Yang of Salesforce.com Product Security Team reported this vulnerability.

The software does not properly validate URLs [CVE-2012-1862]. A remote user can cause the target user's browser to be redirected to a different URL.

The software does not properly validate certain user-supplied input [CVE-2012-1863]. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Microsoft SharePoint software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Microsoft InfoPath 2007 SP2, Microsoft Groove Server 2010 SP1, and Microsoft Office Web Apps 2010 SP1 are also affected by these vulnerabilities.

Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Microsoft SharePoint software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A remote user can obtain potentially sensitive information.

Vendor URL: technet.microsoft.com/en-us/security/bulletin/ms12-050 (Links to External Site)

Cause: Access control error, Input validation error

Underlying OS: Windows (2003), Windows (2008)

Message History: None.

Source Message Contents


[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page