Microsoft SharePoint Service Help.aspx 'tid' Parameter DoS

medium Nessus Plugin ID 47579


An application running on the remote web server has a denial of service vulnerability.


The version of Microsoft SharePoint Services running on the remote host has a denial of service vulnerability. Sending invalid data to the 'tid' parameter of 'help.aspx' can cause the application to hang.

A remote attacker could exploit this by sending malicious requests, causing SharePoint to hang temporarily, resulting in a denial of service. Repeatedly sending malicious requests can cause SharePoint's application pool to stop, which would require a manual restart of the application pool.


Microsoft has released a set of patches for SharePoint Services.

See Also

Plugin Details

Severity: Medium

ID: 47579

File Name: sharepoint_help_dos.nasl

Version: 1.21

Type: remote

Family: CGI abuses

Published: 7/1/2010

Updated: 1/19/2021

Configuration: Enable paranoid mode

Risk Information


Risk Factor: Low

Score: 3.6


Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS Score Source: CVE-2010-1264

Vulnerability Information

Required KB Items: Settings/ParanoidReport, www/ASP, www/sharepoint

Exploit Ease: No exploit is required

Patch Publication Date: 6/8/2010

Vulnerability Publication Date: 6/8/2010

Reference Information

CVE: CVE-2010-1264

BID: 40559

MSFT: MS10-039

Secunia: 39603

MSKB: 2328360, 2344911, 2344993, 2345000, 2345009, 2345043, 2346411

IAVA: 2010-A-0079-S