MS10-039: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
Medium Nessus Plugin ID 46846
SynopsisThe remote host has multiple vulnerabilities.
DescriptionThe remote Windows host is running a version of InfoPath, SharePoint Server, or SharePoint Services with the following vulnerabilities :
- A cross-site scripting vulnerability in Help.aspx.
- An information disclosure vulnerability in the toStaticHTML() API. (CVE-2010-1257)
- A denial of service vulnerability, triggered by sending specially crafted requests to the help page.
SolutionMicrosoft has released a set of patches for InfoPath 2003, InfoPath 2007, SharePoint Server 2007, and SharePoint Services 3.0.