MS10-039: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)

Medium Nessus Plugin ID 46846


The remote host has multiple vulnerabilities.


The remote Windows host is running a version of InfoPath, SharePoint Server, or SharePoint Services with the following vulnerabilities :

- A cross-site scripting vulnerability in Help.aspx.

- An information disclosure vulnerability in the toStaticHTML() API. (CVE-2010-1257)

- A denial of service vulnerability, triggered by sending specially crafted requests to the help page.


Microsoft has released a set of patches for InfoPath 2003, InfoPath 2007, SharePoint Server 2007, and SharePoint Services 3.0.

See Also

Plugin Details

Severity: Medium

ID: 46846

File Name: smb_nt_ms10-039.nasl

Version: $Revision: 1.25 $

Type: local

Agent: windows

Published: 2010/06/09

Modified: 2017/07/26

Dependencies: 11336, 57033, 27524

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:office, cpe:/a:microsoft:infopath, cpe:/a:microsoft:sharepoint_server, cpe:/a:microsoft:sharepoint_services

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/06/08

Vulnerability Publication Date: 2010/04/28

Exploitable With

Core Impact

Reference Information

CVE: CVE-2010-0817, CVE-2010-1257, CVE-2010-1264

BID: 39776, 40409, 40559

OSVDB: 64170, 65211, 65220

MSFT: MS10-039

IAVA: 2010-A-0079

MSKB: 979441, 979445, 980923, 983444