MS12-050: Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)

medium Nessus Plugin ID 59913

Synopsis

The remote host is affected by multiple privilege escalation and information disclosure vulnerabilities.

Description

The versions of InfoPath, Office SharePoint Server, SharePoint Server, Groove Server, Windows SharePoint Services, SharePoint Foundation, or Office Web Apps installed on the remote host are affected by multiple privilege escalation and information disclosure vulnerabilities:

- An information disclosure vulnerability exists in the way that HTML strings are sanitized. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks and run script in the security context of the logged-on user. (CVE-2012-1858)

- A cross-site scripting and a privilege escalation vulnerability allow attacker-controlled JavaScript to run in the context of the user clicking a link. An anonymous attacker could also potentially issue SharePoint commands in the context of an authenticated user on the site. (CVE-2012-1859)

- An information disclosure vulnerability exists in the way that SharePoint stores search scopes. An attacker could view or tamper with other users' search scopes. (CVE-2012-1860)

- A cross-site scripting vulnerability exists that allows attacker-controlled JavaScript to run in the context of the user clicking a link. An anonymous attacker could also potentially issue SharePoint commands in the context of an authenticated user. (CVE-2012-1861)

- A URL redirection vulnerability exists in SharePoint. The vulnerability could lead to spoofing and information disclosure and could allow an attacker to redirect a user to an external URL. (CVE-2012-1862)

- A cross-site scripting vulnerability exists that allows attacker-controlled JavaScript to run in the context of the user clicking a link. An anonymous attacker could also potentially issue SharePoint commands in the context of an authenticated user. (CVE-2012-1863)

Solution

Microsoft has released a set of patches for InfoPath 2007, InfoPath 2010, Office SharePoint Server 2007, SharePoint Server 2010, Groove Server 2010, Windows SharePoint Services 2.0 and 3.0, SharePoint Foundation 2010, and Office Web Apps 2010.

See Also

http://www.nessus.org/u?c7d49512

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-050

Plugin Details

Severity: Medium

ID: 59913

File Name: smb_nt_ms12-050.nasl

Version: 1.26

Type: local

Agent: windows

Published: 7/11/2012

Updated: 12/4/2019

Dependencies: smb_hotfixes.nasl, office_installed.nasl, ms_bulletin_checks_possible.nasl

Risk Information

CVSS Score Source: CVE-2012-1862

VPR

Risk Factor: Medium

Score: 6.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:groove, cpe:/a:microsoft:infopath, cpe:/a:microsoft:office_web_apps, cpe:/a:microsoft:sharepoint_server, cpe:/a:microsoft:sharepoint_services, cpe:/a:microsoft:sharepoint_foundation

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/10/2012

Vulnerability Publication Date: 6/12/2012

Reference Information

CVE: CVE-2012-1858, CVE-2012-1859, CVE-2012-1860, CVE-2012-1861, CVE-2012-1862, CVE-2012-1863

BID: 53842, 54312, 54313, 54314, 54315, 54316