Check Point Advisories

Preemptive Protection against Microsoft SharePoint Server Cross-Site Scripting Vulnerability (MS07-059)

Check Point Reference: CPAI-2007-119
Date Published: 11 Oct 2007
Severity: High
Last Updated: Tuesday 16 October, 2007
Source: Microsoft Security Bulletin MS07-059
Industry Reference:CVE-2007-2581
Protection Provided by:
Who is Vulnerable? Microsoft Windows SharePoint Services 3.0
Microsoft Office SharePoint Server 2007
Vulnerability Description A cross-site scripting (XSS) vulnerability exists in Microsoft Windows SharePoint Services and in Microsoft Office SharePoint Server. Windows SharePoint Services provide a platform for collaboration applications and document management. Office SharePoint Server is an integrated suite of server capabilities built on top of Windows SharePoint Services. Successful exploitation of this vulnerability could result in elevation of privilege within the SharePoint Site.
Update/Patch AvaliableApply patches:
Microsoft Security Bulletin MS07-059
Vulnerability DetailsThe vulnerability is due to insufficient validation of URL-encoded requests. A remote attacker may convince a user to click on a specially crafted link that contains script code. Successful exploitation of this issue may result in information disclosure, and may allow the attacker to run arbitrary code on the vulnerable system.

Protection Overview

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.