Client Login
 Quick Contact
Microsoft's Sharepoint Vulnerability
Category : General 02 May 2010 09:15 AM | Industry News
Microsoft is investigating new public reports of a possible vulnerability in Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007. The vulnerability could allow an attacker to run arbitrary script that could result in elevation of privilege within the SharePoint site, as opposed to elevation of privilege within the workstation or server environment.
The vulnerability exists due to failure in the “/_layouts/help.aspx” script to properly sanitize user-supplied input in “cid0" variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.
An attacker can use browser to exploit this vulnerability.
Microsoft says it’s investigating a security flaw in older versions of its SharePoint Server product that an independent researcher says can easily expose sensitive data and user authentication credentials.
The XSS, or cross-site scripting, vulnerability has been confirmed in SharePoint Server 2007 and is likely also present in earlier versions of the content management system software, an advisory from High-Tech Bridge warned. It allows adversaries to inject malicious javascript into the application by appending commands to the address of the targeted system.