MS12-050: Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple privilege escalation and
information disclosure vulnerabilities.

Description :

The versions of InfoPath, Office SharePoint Server, SharePoint Server,
Groove Server, Windows SharePoint Services, SharePoint Foundation, or
Office Web Apps installed on the remote host are affected by multiple
privilege escalation and information disclosure vulnerabilities :

- An information disclosure vulnerability exists in the
way that HTML strings are sanitized. An attacker who
successfully exploited this vulnerability could perform
cross-site scripting attacks and run script in the
security context of the logged-on user. (CVE-2012-1858)

- A cross-site scripting and a privilege escalation
vulnerability allow attacker-controlled JavaScript to
run in the context of the user clicking a link. An
anonymous attacker could also potentially issue
SharePoint commands in the context of an authenticated
user on the site. (CVE-2012-1859)

- An information disclosure vulnerability exists in the
way that SharePoint stores search scopes. An attacker
could view or tamper with other users' search scopes.
(CVE-2012-1860)

- A cross-site scripting vulnerability exists that allows
attacker-controlled JavaScript to run in the context of
the user clicking a link. An anonymous attacker could
also potentially issue SharePoint commands in the
context of an authenticated user. (CVE-2012-1861)

- A URL redirection vulnerability exists in SharePoint.
The vulnerability could lead to spoofing and information
disclosure and could allow an attacker to redirect a
user to an external URL. (CVE-2012-1862)

- A cross-site scripting vulnerability exists that allows
attacker-controlled JavaScript to run in the context of
the user clicking a link. An anonymous attacker could
also potentially issue SharePoint commands in the
context of an authenticated user. (CVE-2012-1863)

See also :

http://www.nessus.org/u?c7d49512
http://technet.microsoft.com/en-us/security/bulletin/ms12-050

Solution :

Microsoft has released a set of patches for InfoPath 2007, InfoPath
2010, Office SharePoint Server 2007, SharePoint Server 2010, Groove
Server 2010, Windows SharePoint Services 2.0 and 3.0, SharePoint
Foundation 2010, and Office Web Apps 2010.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 4.8
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 59913

Bugtraq ID: 53842, 54312, 54313, 54314, 54315, 54316

CVE ID: CVE-2012-1858, CVE-2012-1859, CVE-2012-1860, CVE-2012-1861, CVE-2012-1862, CVE-2012-1863