MS11-074: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple privilege escalation and
information disclosure vulnerabilities.

Description :

The version of SharePoint Services, SharePoint Server, Groove, or
Office Web Apps installed on the remote host has multiple privilege
escalation and information disclosure vulnerabilities.

A remote attacker could exploit them by tricking a user into making a
malicious request, resulting in arbitrary script code execution.

See also :

http://www.securityfocus.com/archive/1/519624
http://technet.microsoft.com/en-us/security/bulletin/ms11-074

Solution :

Microsoft has released a set of patches for SharePoint Server 2007,
SharePoint Server 2010, SharePoint Workspace 2010, SharePoint
Foundation 2010, Office Groove 2007, Office Forms Server 2007, Office
Groove Server 2007, Office Groove Data Bridge Server 2007, Office
Groove Management Server 2007, Groove Server 2010, Windows SharePoint
Services 2.0, Windows SharePoint Services 3.0, Office Web Apps 2010,
and Word Web App 2010.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 4.8
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 56177 ()

Bugtraq ID: 48199
49002
49004
49005
49010
49511
49620

CVE ID: CVE-2011-0653
CVE-2011-1252
CVE-2011-1890
CVE-2011-1891
CVE-2011-1892
CVE-2011-1893