Microsoft SharePoint inplview.aspx cross-site scripting (HTTP_Sharepoint_Inplview_XSS)

About this signature or vulnerability

RealSecure Server Sensor, IBM Security Host Protection for Servers (Windows), IBM Security Network Protection, Proventia Network IPS, Virtual Server Protection for VMware, Proventia Server IPS for Linux technology, IBM Security Host Protection for Servers (Unix), Proventia Network MFS, IBM Security Host Protection for Desktops, Proventia-G 1.1 and earlier, Proventia Network IDS:

This signature looks for requests to inplview.aspx that contain malicious JavaScript.


Default risk level

Medium risk vulnerability

Sensors that have this signature

RealSecure Server Sensor: XPU 32.020, IBM Security Host Protection for Servers (Windows): 2.1.14.2730, IBM Security Network Protection: 5.1, Proventia Network IPS: XPU 32.020, Virtual Server Protection for VMware: XPU 32.020, Proventia Server IPS for Linux technology: 32.020, IBM Security Host Protection for Servers (Unix): 2.2.2, Proventia Network MFS: XPU 32.020, IBM Security Host Protection for Desktops: 2730, Proventia-G 1.1 and earlier: XPU 32.020, Proventia Network IDS: XPU 32.020

Systems affected

Microsoft SharePoint Foundation: 2010, Microsoft SharePoint Foundation: 2010 SP1

Type

Unauthorized Access Attempt

Vulnerability description

Microsoft SharePoint is vulnerable to cross-site scripting, caused by improper validation of input by the inplview.aspx script. By persuading a victim to visit a specially crafted Web site, a remote attacker could inject malicious content into the victim's browser to obtain sensitive information and gain elevated privileges on the system.

How to remove this vulnerability

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS12-011. See References.

References

Microsoft Security Bulletin MS12-011
Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841)
http://technet.microsoft.com/en-us/security/bulletin/ms12-011

ISS X-Force
Microsoft SharePoint inplview.aspx cross-site scripting
http://www.iss.net/security_center/static/72884.php

CVE
CVE-2012-0017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0017