Microsoft Windows Knowledge Base Article 2663841 update is not installed (WinMs12kb2663841Update)

Vuln ID: 72887
Risk Level: High
Platforms: Microsoft SharePoint Foundation: 2010, Microsoft SharePoint Server: 2010, Microsoft SharePoint Foundation: 2010 SP1, Microsoft SharePoint Server: 2010 SP1
Description:

Microsoft Windows Knowledge Base Article 2663841 update is not installed on the system, which could allow an attacker to exploit the following vulnerabilities:

Microsoft SharePoint is vulnerable to cross-site scripting, caused by the improper validation of input by the inplview.aspx script. By persuading a victim to visit a specially-crafted Web site, a remote attacker could inject malicious content in the browser of the victim to obtain sensitive information and gain elevated privileges on the system.

Microsoft SharePoint is vulnerable to cross-site scripting, caused by the improper validation of input by the themeweb.aspx script. By persuading a victim to visit a specially-crafted Web site, a remote attacker could inject malicious content in the browser of the victim to obtain sensitive information and gain elevated privileges on the system.

Microsoft SharePoint is vulnerable to cross-site scripting, caused by the improper validation of input by the wizardlist.aspx script. By persuading a victim to visit a specially-crafted Web site, a remote attacker could inject malicious content in the browser of the victim to obtain sensitive information and gain elevated privileges on the system.

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS12-011. See References.

False Positives:
False Negatives:
Required Permission: Windows login
Additional Information:

References:

Microsoft Security Bulletin MS12-011
Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841)
http://technet.microsoft.com/en-us/security/bulletin/ms12-011

IBM Internet Security Systems X-Force Database
Microsoft SharePoint inplview.aspx cross-site scripting
http://xforce.iss.net/xforce/xfdb/72884

IBM Internet Security Systems X-Force Database
Microsoft SharePoint themeweb.aspx cross-site scripting
http://xforce.iss.net/xforce/xfdb/72885

IBM Internet Security Systems X-Force Database
Microsoft SharePoint wizardlist.aspx cross-site scripting
http://xforce.iss.net/xforce/xfdb/72886

ISS X-Force
Microsoft Windows Knowledge Base Article 2663841 update is not installed
http://www.iss.net/security_center/static/72887.php

CVE CVE-2012-0017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0017

CVE CVE-2012-0144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0144

CVE CVE-2012-0145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0145

