MS12-050: Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)

medium Nessus Plugin ID 59913

Language:

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 7.2

Synopsis

The remote host is affected by multiple privilege escalation and information disclosure vulnerabilities.

Description

The versions of InfoPath, Office SharePoint Server, SharePoint Server, Groove Server, Windows SharePoint Services, SharePoint Foundation, or Office Web Apps installed on the remote host are affected by multiple privilege escalation and information disclosure vulnerabilities :

 - An information disclosure vulnerability exists in the way that HTML strings are sanitized. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks and run script in the security context of the logged-on user. (CVE-2012-1858)

 - A cross-site scripting and a privilege escalation vulnerability allow attacker-controlled JavaScript to run in the context of the user clicking a link. An anonymous attacker could also potentially issue SharePoint commands in the context of an authenticated user on the site. (CVE-2012-1859)

 - An information disclosure vulnerability exists in the way that SharePoint stores search scopes. An attacker could view or tamper with other users' search scopes.
 (CVE-2012-1860)

 - A cross-site scripting vulnerability exists that allows attacker-controlled JavaScript to run in the context of the user clicking a link. An anonymous attacker could also potentially issue SharePoint commands in the context of an authenticated user. (CVE-2012-1861)

 - A URL redirection vulnerability exists in SharePoint.
 The vulnerability could lead to spoofing and information disclosure and could allow an attacker to redirect a user to an external URL. (CVE-2012-1862)

 - A cross-site scripting vulnerability exists that allows attacker-controlled JavaScript to run in the context of the user clicking a link. An anonymous attacker could also potentially issue SharePoint commands in the context of an authenticated user. (CVE-2012-1863).

Solution

Microsoft has released a set of patches for InfoPath 2007, InfoPath 2010, Office SharePoint Server 2007, SharePoint Server 2010, Groove Server 2010, Windows SharePoint Services 2.0 and 3.0, SharePoint Foundation 2010, and Office Web Apps 2010.

See Also

http://www.nessus.org/u?c7d49512

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-050

Plugin Details

Severity: Medium

ID: 59913

File Name: smb_nt_ms12-050.nasl

Version: 1.26

Type: local

Agent: windows

Published: 7/11/2012

Updated: 12/4/2019

Dependencies: smb_hotfixes.nasl, office_installed.nasl, ms_bulletin_checks_possible.nasl

Risk Information

Risk Factor: Medium

VPR Score: 7.2

CVSS Score Source: CVE-2012-1862

CVSS v2.0

Base Score: 6.8

Temporal Score: 5.9

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:groove, cpe:/a:microsoft:infopath, cpe:/a:microsoft:office_web_apps, cpe:/a:microsoft:sharepoint_server, cpe:/a:microsoft:sharepoint_services, cpe:/a:microsoft:sharepoint_foundation

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/10/2012

Vulnerability Publication Date: 6/12/2012

Reference Information

CVE: CVE-2012-1858, CVE-2012-1859, CVE-2012-1860, CVE-2012-1861, CVE-2012-1862, CVE-2012-1863

BID: 53842, 54312, 54313, 54314, 54315, 54316