Check Point Advisories

Preemptive Protection against Microsoft SharePoint Cross-Site Scripting (XSS) Vulnerability

Check Point Reference: CPAI-2007-109
Date Published: 11 Sep 2007
Severity: Medium
Last Updated: Monday 01 January, 2007
Source: Microsoft Security Bulletin MS07-059
Industry Reference:CVE-2007-2581
Protection Provided by:
Who is Vulnerable? Microsoft Office SharePoint Server 2007
Microsoft Windows SharePoint Services 3.0
Vulnerability Description A cross-site scripting (XSS) vulnerability exists in Microsoft Windows SharePoint. The Microsoft SharePoint products allow enterprises to organize their information in a single collaborative portal application. A remote attacker can exploit this vulnerability to run malicious scripts on an affected system.
Update/Patch AvaliableApply patches:
Microsoft Security Bulletin MS07-059
Vulnerability DetailsThe vulnerability is due to an input validation error in Microsoft SharePoint which fails to properly ensure that URL encoded requests do not contain script code. A remote attacker can exploit this issue by convincing a user to click on a maliciously crafted URL that contains a script code. Successful exploitation will run a script which may lead to arbitrary code execution on the affected system.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK