The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Office SharePoint Portal Server

computer vulnerability alert CVE-2012-3214 CVE-2012-3217

Oracle Outside In Technology: several vulnerabilities of October 2012

Synthesis of the vulnerability

Several vulnerabilities of Oracle Outside In Technology are corrected by the CPU of October 2012.
Impacted products: McAfee Email and Web Security, GroupShield, McAfee Security for Email Servers, Exchange, MOSS, Oracle OIT, Symantec Enterprise Vault.
Severity: 2/4.
Consequences: user access/rights, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 17/10/2012.
Identifiers: 2784242, BID-55977, BID-55993, CERTA-2012-AVI-578, CERTA-2013-AVI-117, cpuoct2012, CVE-2012-3214, CVE-2012-3217, MS13-013, PRL-2012-30, VIGILANCE-VUL-12076.

Description of the vulnerability

A Critical Patch Update corrects several vulnerabilities of Oracle Outside In Technology. These libraries are used by several products, which are thus also impacted by these vulnerabilities.

An attacker can create a malicious JPG image, which generates an error in the ibjpg2.flt filter, in order to create a denial of service. [severity:2/4; BID-55977, CVE-2012-3214, PRL-2012-30]

An attacker can use a vulnerability of Outside In HTML Export SDK, in order to create a denial of service. [severity:2/4; BID-55993, CVE-2012-3217]

computer vulnerability alert CVE-2012-2520

Microsoft InfoPath, Communicator, Lync, SharePoint: privilege elevation via HTML Sanitization

Synthesis of the vulnerability

An attacker can invite the victim to display a malicious HTML document with Microsoft InfoPath, Communicator, Lync or SharePoint, in order to execute JavaScript code with the victim's privileges.
Impacted products: Lync, Office, Office Communicator, InfoPath, MOSS.
Severity: 3/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 09/10/2012.
Identifiers: 2741517, BID-55797, CERTA-2012-AVI-556, CVE-2012-2520, MS12-066, VIGILANCE-VUL-12046.

Description of the vulnerability

The HTML Sanitization component purges HTML code, for example to remove JavaScript code. An HTML document coming from an untrusted source can then be displayed by a service. This component is incorporated in several Microsoft products.

However, in some cases, the JavaScript code is not filtered. It is then run in the context of the web site where it is displayed, with the privileges of the user authenticated on the site.

An attacker can therefore invite the victim to display a malicious HTML document with Microsoft InfoPath, Communicator, Lync or SharePoint, in order to execute JavaScript code with the victim's privileges.

vulnerability note CVE-2012-0182 CVE-2012-2528

Word: code execution via RTF

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious RTF file with Word, in order to execute code on his computer.
Impacted products: Office, MOSS, Word.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/10/2012.
Identifiers: 2742319, BID-55780, BID-55781, CERTA-2012-AVI-554, CVE-2012-0182, CVE-2012-2528, MS12-064, VIGILANCE-VUL-12044, ZDI-12-201.

Description of the vulnerability

The Microsoft Word software supports RTF (Rich Text Format) documents. However, when Word opens a malicious RTF document, two vulnerabilities can be exploited.

A document with a malicious PAPX section corrupts the memory. [severity:3/4; BID-55780, CVE-2012-0182, ZDI-12-201]

A document with a malformed "listid" field forces the usage of a freed memory area. [severity:3/4; BID-55781, CVE-2012-2528]

An attacker can therefore invite the victim to open a malicious RTF file, in order to execute code on his computer.

vulnerability note CVE-2012-1744 CVE-2012-1766 CVE-2012-1767

Oracle Outside In Technology: several vulnerabilities of July 2012

Synthesis of the vulnerability

Several vulnerabilities of Oracle Outside In Technology are corrected by the CPU of July 2012.
Impacted products: McAfee Email and Web Security, GroupShield, McAfee Security for Email Servers, Exchange, MOSS, Oracle OIT, Symantec Enterprise Vault.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 14.
Creation date: 25/07/2012.
Identifiers: 2737111, 2740358, 2742321, BID-54497, BID-54500, BID-54504, BID-54506, BID-54511, BID-54531, BID-54536, BID-54541, BID-54543, BID-54546, BID-54548, BID-54550, BID-54552, BID-54554, CERTA-2012-ALE-004, CERTA-2012-AVI-393, CERTA-2012-AVI-441, CERTA-2012-AVI-541, CERTA-2012-AVI-557, cpujul2012, CVE-2012-1744, CVE-2012-1766, CVE-2012-1767, CVE-2012-1768, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, CVE-2012-3109, CVE-2012-3110, KB75998, MS12-058, MS12-067, PRL-2012-24, PRL-2012-25, PRL-2012-26, SYM12-015, VIGILANCE-VUL-11794, VU#118913.

Description of the vulnerability

A Critical Patch Update corrects several vulnerabilities of Oracle Outside In Technology. These libraries are used by several products, which are thus also impacted by these vulnerabilities.

An attacker can use a vulnerability of the CDR format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54531, CVE-2012-1766]

An attacker can use a vulnerability of the DOC format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54536, CVE-2012-1767]

An attacker can use a vulnerability of the DPT format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54511, CVE-2012-1768]

An attacker can use a vulnerability of the JP2 format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54500, CVE-2012-1769]

An attacker can use a vulnerability of the LWP format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54541, CVE-2012-1770]

An attacker can use a vulnerability of the ODG format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54543, CVE-2012-1771]

An attacker can use a vulnerability of the PCX format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54497, CVE-2012-1772]

An attacker can use a vulnerability of the PDF format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54548, CVE-2012-1773]

An attacker can use a vulnerability of the SAM format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54546, CVE-2012-3106]

An attacker can use a vulnerability of the SXD format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54504, CVE-2012-3107]

An attacker can use a vulnerability of the SXI format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54550, CVE-2012-3108]

An attacker can use a vulnerability of the VSD format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54554, CVE-2012-3109]

An attacker can use a vulnerability of the WSD format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54506, CVE-2012-3110]

An attacker can use a vulnerability of Oracle Outside In Technology, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54552, CVE-2012-1744]

computer vulnerability note CVE-2012-1858 CVE-2012-1859 CVE-2012-1860

Microsoft SharePoint, InfoPath: six vulnerabilities

Synthesis of the vulnerability

An attacker can use six vulnerabilities of Microsoft SharePoint and InfoPath, where the most severe leads to the execution of administrative commands.
Impacted products: Office, InfoPath, MOSS.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 6.
Creation date: 10/07/2012.
Identifiers: 2695502, BID-53833, BID-53842, BID-54312, BID-54313, BID-54314, BID-54315, BID-54316, CERTA-2012-AVI-382, CVE-2012-1858, CVE-2012-1859, CVE-2012-1860, CVE-2012-1861, CVE-2012-1862, CVE-2012-1863, MS12-050, VIGILANCE-VUL-11759.

Description of the vulnerability

Six vulnerabilities were announced in Microsoft SharePoint and InfoPath.

An attacker can use malformed HTML strings, in order to bypass toStaticHTML, and then to create a Cross Site Scripting. [severity:2/4; BID-53833, BID-53842, CVE-2012-1858]

An attacker can generate a Cross Site Scripting via scriptresx.ashx, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-54312, CVE-2012-1859]

An attacker can obtain information on searches done by other users. [severity:1/4; BID-54314, CVE-2012-1860]

An attacker can generate a Cross Site Scripting via a username, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-54313, CVE-2012-1861]

An attacker can redirect the victim to another web site, in order to deceive him. [severity:2/4; BID-54315, CVE-2012-1862]

An attacker can generate a Cross Site Scripting via a list of parameters, in order to execute administrative JavaScript code in the context of the web site. [severity:3/4; BID-54316, CVE-2012-1863]

vulnerability note CVE-2012-1889

Windows, IE, Office: code execution via Microsoft XML Core Services

Synthesis of the vulnerability

An attacker can invite the victim to open a malformed XML document, with an application using Microsoft XML Core Services, in order to corrupt the memory, and to execute code.
Impacted products: IE, Office, Access, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows Vista, Windows XP.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 13/06/2012.
Identifiers: 2719615, 2722479, BID-53934, CERTA-2012-ALE-003, CERTA-2012-ALE-003-002, CERTA-2012-AVI-327, CERTA-2012-AVI-375, CVE-2012-1889, MS12-043, VIGILANCE-VUL-11704.

Description of the vulnerability

The Microsoft XML Core Services (MSXML) library is used by Microsoft applications which process XML data.

The object.definition() method returns information about an XML object. However, if this method is called on an object which does not exist, the memory is corrupted.

An attacker can therefore invite the victim to open a malformed XML document, with an application using Microsoft XML Core Services (such as Internet Explorer), in order to corrupt the memory, and to execute code.

vulnerability alert CVE-2012-0017 CVE-2012-0144 CVE-2012-0145

Microsoft SharePoint 2010: three Cross Site Scripting

Synthesis of the vulnerability

An attacker can invite a SharePoint user to display a malicious document, in order to create a Cross Site Scripting, which allows him to execute JavaScript code in the context of the web site.
Impacted products: MOSS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 15/02/2012.
Identifiers: 2663841, BID-51928, BID-51934, BID-51937, CERTA-2012-AVI-077, CVE-2012-0017, CVE-2012-0144, CVE-2012-0145, MS12-011, VIGILANCE-VUL-11361.

Description of the vulnerability

The Microsoft SharePoint service is impacted by three vulnerabilities.

The inplview.aspx page does not correctly filter its parameters, which leads to a Cross Site Scripting. [severity:2/4; BID-51928, CERTA-2012-AVI-077, CVE-2012-0017]

The themeweb.aspx page does not correctly filter its parameters, which leads to a Cross Site Scripting. [severity:2/4; BID-51934, CVE-2012-0144]

The wizardlist.aspx page does not correctly filter its parameters, which leads to a Cross Site Scripting. [severity:2/4; BID-51937, CVE-2012-0145]

An attacker can therefore invite a SharePoint user to display a malicious document, in order to create a Cross Site Scripting, which allows him to execute JavaScript code in the context of the web site.

computer vulnerability note CVE-2011-0653 CVE-2011-1252 CVE-2011-1890

Microsoft SharePoint: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SharePoint, in order to create Cross Site Scripting, or to read a file.
Impacted products: MOSS.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 14/09/2011.
Identifiers: 2451858, BID-48199, BID-49002, BID-49004, BID-49005, BID-49010, BID-49511, BID-49620, CERTA-2011-AVI-514, CVE-2011-0653, CVE-2011-1252, CVE-2011-1890, CVE-2011-1891, CVE-2011-1892, CVE-2011-1893, MS11-074, VIGILANCE-VUL-10989.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft SharePoint.

An attacker can create a Cross Site Scripting in SharePoint Calendar. [severity:2/4; BID-49002, CERTA-2011-AVI-514, CVE-2011-0653]

The JavaScript toStaticHTML() method filters scripts contained in HTML data. It can be used to protect against Cross Site Scripting. However, an attacker can use a malformed style sheet, containing JavaScript code, which is not filtered by toStaticHTML(). [severity:2/4; BID-48199, CVE-2011-1252]

An attacker can create a Cross Site Scripting in the EditForm.aspx page. [severity:2/4; BID-49010, CVE-2011-1890]

An attacker can create a Cross Site Scripting in the Contact Details tool (/Reports/Pages/Default.aspx). [severity:2/4; BID-49005, CVE-2011-1891]

An attacker can use an external XML entity, in order to read a file. [severity:2/4; BID-49511, CVE-2011-1892]

An attacker can create a Cross Site Scripting. [severity:2/4; BID-49004, CVE-2011-1893]

An attacker can use /Docs/Lists/Announcements/NewForm.aspx in order to redirect the victim. [severity:1/4; BID-49620]

computer vulnerability announce CVE-2011-1986 CVE-2011-1987 CVE-2011-1988

Excel: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious document with Excel, in order to execute code on his computer.
Impacted products: Office, Excel, MOSS.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 14/09/2011.
Identifiers: 2587505, BID-49476, BID-49477, BID-49478, BID-49517, BID-49518, CERTA-2011-AVI-512, CVE-2011-1986, CVE-2011-1987, CVE-2011-1988, CVE-2011-1989, CVE-2011-1990, MS11-072, VIGILANCE-VUL-10987.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office Excel. They lead to code execution.

An Excel document can use a freed memory area, in order to corrupt the memory. [severity:3/4; BID-49476, CERTA-2011-AVI-512, CVE-2011-1986]

An Excel document can create an array indexing error, in order to corrupt the memory. [severity:3/4; BID-49477, CVE-2011-1987]

An Excel document can contain a malicious field, in order to corrupt the memory. [severity:3/4; BID-49478, CVE-2011-1988]

An Excel document can contain a malicious conditional format, in order to corrupt the memory. [severity:3/4; BID-49518, CVE-2011-1989]

An Excel document can create an array indexing error, in order to corrupt the memory. [severity:3/4; BID-49517, CVE-2011-1990]

An attacker can therefore invite the victim to open a malicious document with Excel, in order to execute code on his computer.

vulnerability bulletin CVE-2010-3964

Microsoft SharePoint Server: code execution

Synthesis of the vulnerability

When the Document Conversions Launcher and Load Balancer services are enabled, an attacker can send a malicious SOAP query, in order to execute code in Microsoft Office SharePoint Server.
Impacted products: MOSS.
Severity: 3/4.
Consequences: user access/rights.
Provenance: intranet client.
Creation date: 15/12/2010.
Identifiers: 2455005, BID-45264, CERTA-2010-AVI-607, CVE-2010-3964, MS10-104, VIGILANCE-VUL-10213, ZDI-10-287.

Description of the vulnerability

The Document Conversions Launcher Service starts document conversions. It runs under the HVU_ComputerName account. It is disabled by default.

The Document Conversions Load Balancer Service balances document conversions. It receives SOAP queries. It is disabled by default.

When these services are enabled, an attacker can send a SOAP query to Load Balancer, which transmits information to Launcher. However, Launcher does not correctly check data, so its memory is corrupted.

When the Document Conversions Launcher and Load Balancer services are enabled, an attacker can therefore send a malicious SOAP query to Load Balancer, in order to execute code in Launcher with HVU_ComputerName privileges.