Check Point Advisories

Preemptive Protection against Microsoft SharePoint HTML Sanitization Cross-site Scripting (MS12-050; CVE-2012-1858)

Check Point Reference: CPAI-2012-309
Date Published: 10 Jul 2012
Severity: High
Last Updated: Sunday 01 January, 2012
Source: CVE-2012-1858
Protection Provided by:
Who is Vulnerable? Microsoft Office Client Software
Microsoft SharePoint Server
Microsoft Groove Server
Windows SharePoint Services and Microsoft SharePoint Foundation
Vulnerability Description A cross-site scripting vulnerability has been reported in Microsoft SharePoint.
Update/Patch AvaliableApply patches from: MS12-050
Vulnerability DetailsThe vulnerability is due to an error in the way HTML strings are sanitized. A remote attacker can exploit this vulnerability by submitting a specially crafted script to a target site that use HTML sanitization. Successful exploitation could allow an attacker to perform cross-site scripting attacks against affected users, resulting in script execution in the target's security context.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK