The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Office SharePoint Portal Server

vulnerability note CVE-2012-1744 CVE-2012-1766 CVE-2012-1767

Oracle Outside In Technology: several vulnerabilities of July 2012

Synthesis of the vulnerability

Several vulnerabilities of Oracle Outside In Technology are corrected by the CPU of July 2012.
Impacted products: McAfee Email and Web Security, GroupShield, McAfee Security for Email Servers, Exchange, MOSS, Oracle OIT, Symantec Enterprise Vault.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 14.
Creation date: 25/07/2012.
Identifiers: 2737111, 2740358, 2742321, BID-54497, BID-54500, BID-54504, BID-54506, BID-54511, BID-54531, BID-54536, BID-54541, BID-54543, BID-54546, BID-54548, BID-54550, BID-54552, BID-54554, CERTA-2012-ALE-004, CERTA-2012-AVI-393, CERTA-2012-AVI-441, CERTA-2012-AVI-541, CERTA-2012-AVI-557, cpujul2012, CVE-2012-1744, CVE-2012-1766, CVE-2012-1767, CVE-2012-1768, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, CVE-2012-3109, CVE-2012-3110, KB75998, MS12-058, MS12-067, PRL-2012-24, PRL-2012-25, PRL-2012-26, SYM12-015, VIGILANCE-VUL-11794, VU#118913.

Description of the vulnerability

A Critical Patch Update corrects several vulnerabilities of Oracle Outside In Technology. These libraries are used by several products, which are thus also impacted by these vulnerabilities.

An attacker can use a vulnerability of the CDR format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54531, CVE-2012-1766]

An attacker can use a vulnerability of the DOC format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54536, CVE-2012-1767]

An attacker can use a vulnerability of the DPT format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54511, CVE-2012-1768]

An attacker can use a vulnerability of the JP2 format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54500, CVE-2012-1769]

An attacker can use a vulnerability of the LWP format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54541, CVE-2012-1770]

An attacker can use a vulnerability of the ODG format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54543, CVE-2012-1771]

An attacker can use a vulnerability of the PCX format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54497, CVE-2012-1772]

An attacker can use a vulnerability of the PDF format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54548, CVE-2012-1773]

An attacker can use a vulnerability of the SAM format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54546, CVE-2012-3106]

An attacker can use a vulnerability of the SXD format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54504, CVE-2012-3107]

An attacker can use a vulnerability of the SXI format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54550, CVE-2012-3108]

An attacker can use a vulnerability of the VSD format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54554, CVE-2012-3109]

An attacker can use a vulnerability of the WSD format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54506, CVE-2012-3110]

An attacker can use a vulnerability of Oracle Outside In Technology, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54552, CVE-2012-1744]

computer vulnerability note CVE-2012-1858 CVE-2012-1859 CVE-2012-1860

Microsoft SharePoint, InfoPath: six vulnerabilities

Synthesis of the vulnerability

An attacker can use six vulnerabilities of Microsoft SharePoint and InfoPath, where the most severe leads to the execution of administrative commands.
Impacted products: Office, InfoPath, MOSS.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 6.
Creation date: 10/07/2012.
Identifiers: 2695502, BID-53833, BID-53842, BID-54312, BID-54313, BID-54314, BID-54315, BID-54316, CERTA-2012-AVI-382, CVE-2012-1858, CVE-2012-1859, CVE-2012-1860, CVE-2012-1861, CVE-2012-1862, CVE-2012-1863, MS12-050, VIGILANCE-VUL-11759.

Description of the vulnerability

Six vulnerabilities were announced in Microsoft SharePoint and InfoPath.

An attacker can use malformed HTML strings, in order to bypass toStaticHTML, and then to create a Cross Site Scripting. [severity:2/4; BID-53833, BID-53842, CVE-2012-1858]

An attacker can generate a Cross Site Scripting via scriptresx.ashx, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-54312, CVE-2012-1859]

An attacker can obtain information on searches done by other users. [severity:1/4; BID-54314, CVE-2012-1860]

An attacker can generate a Cross Site Scripting via a username, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-54313, CVE-2012-1861]

An attacker can redirect the victim to another web site, in order to deceive him. [severity:2/4; BID-54315, CVE-2012-1862]

An attacker can generate a Cross Site Scripting via a list of parameters, in order to execute administrative JavaScript code in the context of the web site. [severity:3/4; BID-54316, CVE-2012-1863]

vulnerability note CVE-2012-1889

Windows, IE, Office: code execution via Microsoft XML Core Services

Synthesis of the vulnerability

An attacker can invite the victim to open a malformed XML document, with an application using Microsoft XML Core Services, in order to corrupt the memory, and to execute code.
Impacted products: IE, Office, Access, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows Vista, Windows XP.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 13/06/2012.
Identifiers: 2719615, 2722479, BID-53934, CERTA-2012-ALE-003, CERTA-2012-ALE-003-002, CERTA-2012-AVI-327, CERTA-2012-AVI-375, CVE-2012-1889, MS12-043, VIGILANCE-VUL-11704.

Description of the vulnerability

The Microsoft XML Core Services (MSXML) library is used by Microsoft applications which process XML data.

The object.definition() method returns information about an XML object. However, if this method is called on an object which does not exist, the memory is corrupted.

An attacker can therefore invite the victim to open a malformed XML document, with an application using Microsoft XML Core Services (such as Internet Explorer), in order to corrupt the memory, and to execute code.

vulnerability alert CVE-2012-0017 CVE-2012-0144 CVE-2012-0145

Microsoft SharePoint 2010: three Cross Site Scripting

Synthesis of the vulnerability

An attacker can invite a SharePoint user to display a malicious document, in order to create a Cross Site Scripting, which allows him to execute JavaScript code in the context of the web site.
Impacted products: MOSS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 15/02/2012.
Identifiers: 2663841, BID-51928, BID-51934, BID-51937, CERTA-2012-AVI-077, CVE-2012-0017, CVE-2012-0144, CVE-2012-0145, MS12-011, VIGILANCE-VUL-11361.

Description of the vulnerability

The Microsoft SharePoint service is impacted by three vulnerabilities.

The inplview.aspx page does not correctly filter its parameters, which leads to a Cross Site Scripting. [severity:2/4; BID-51928, CERTA-2012-AVI-077, CVE-2012-0017]

The themeweb.aspx page does not correctly filter its parameters, which leads to a Cross Site Scripting. [severity:2/4; BID-51934, CVE-2012-0144]

The wizardlist.aspx page does not correctly filter its parameters, which leads to a Cross Site Scripting. [severity:2/4; BID-51937, CVE-2012-0145]

An attacker can therefore invite a SharePoint user to display a malicious document, in order to create a Cross Site Scripting, which allows him to execute JavaScript code in the context of the web site.

computer vulnerability note CVE-2011-0653 CVE-2011-1252 CVE-2011-1890

Microsoft SharePoint: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SharePoint, in order to create Cross Site Scripting, or to read a file.
Impacted products: MOSS.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 14/09/2011.
Identifiers: 2451858, BID-48199, BID-49002, BID-49004, BID-49005, BID-49010, BID-49511, BID-49620, CERTA-2011-AVI-514, CVE-2011-0653, CVE-2011-1252, CVE-2011-1890, CVE-2011-1891, CVE-2011-1892, CVE-2011-1893, MS11-074, VIGILANCE-VUL-10989.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft SharePoint.

An attacker can create a Cross Site Scripting in SharePoint Calendar. [severity:2/4; BID-49002, CERTA-2011-AVI-514, CVE-2011-0653]

The JavaScript toStaticHTML() method filters scripts contained in HTML data. It can be used to protect against Cross Site Scripting. However, an attacker can use a malformed style sheet, containing JavaScript code, which is not filtered by toStaticHTML(). [severity:2/4; BID-48199, CVE-2011-1252]

An attacker can create a Cross Site Scripting in the EditForm.aspx page. [severity:2/4; BID-49010, CVE-2011-1890]

An attacker can create a Cross Site Scripting in the Contact Details tool (/Reports/Pages/Default.aspx). [severity:2/4; BID-49005, CVE-2011-1891]

An attacker can use an external XML entity, in order to read a file. [severity:2/4; BID-49511, CVE-2011-1892]

An attacker can create a Cross Site Scripting. [severity:2/4; BID-49004, CVE-2011-1893]

An attacker can use /Docs/Lists/Announcements/NewForm.aspx in order to redirect the victim. [severity:1/4; BID-49620]

computer vulnerability announce CVE-2011-1986 CVE-2011-1987 CVE-2011-1988

Excel: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious document with Excel, in order to execute code on his computer.
Impacted products: Office, Excel, MOSS.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 14/09/2011.
Identifiers: 2587505, BID-49476, BID-49477, BID-49478, BID-49517, BID-49518, CERTA-2011-AVI-512, CVE-2011-1986, CVE-2011-1987, CVE-2011-1988, CVE-2011-1989, CVE-2011-1990, MS11-072, VIGILANCE-VUL-10987.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Office Excel. They lead to code execution.

An Excel document can use a freed memory area, in order to corrupt the memory. [severity:3/4; BID-49476, CERTA-2011-AVI-512, CVE-2011-1986]

An Excel document can create an array indexing error, in order to corrupt the memory. [severity:3/4; BID-49477, CVE-2011-1987]

An Excel document can contain a malicious field, in order to corrupt the memory. [severity:3/4; BID-49478, CVE-2011-1988]

An Excel document can contain a malicious conditional format, in order to corrupt the memory. [severity:3/4; BID-49518, CVE-2011-1989]

An Excel document can create an array indexing error, in order to corrupt the memory. [severity:3/4; BID-49517, CVE-2011-1990]

An attacker can therefore invite the victim to open a malicious document with Excel, in order to execute code on his computer.

vulnerability bulletin CVE-2010-3964

Microsoft SharePoint Server: code execution

Synthesis of the vulnerability

When the Document Conversions Launcher and Load Balancer services are enabled, an attacker can send a malicious SOAP query, in order to execute code in Microsoft Office SharePoint Server.
Impacted products: MOSS.
Severity: 3/4.
Consequences: user access/rights.
Provenance: intranet client.
Creation date: 15/12/2010.
Identifiers: 2455005, BID-45264, CERTA-2010-AVI-607, CVE-2010-3964, MS10-104, VIGILANCE-VUL-10213, ZDI-10-287.

Description of the vulnerability

The Document Conversions Launcher Service starts document conversions. It runs under the HVU_ComputerName account. It is disabled by default.

The Document Conversions Load Balancer Service balances document conversions. It receives SOAP queries. It is disabled by default.

When these services are enabled, an attacker can send a SOAP query to Load Balancer, which transmits information to Launcher. However, Launcher does not correctly check data, so its memory is corrupted.

When the Document Conversions Launcher and Load Balancer services are enabled, an attacker can therefore send a malicious SOAP query to Load Balancer, in order to execute code in Launcher with HVU_ComputerName privileges.

computer vulnerability note CVE-2010-3243 CVE-2010-3324

SharePoint: Cross Site Scripting

Synthesis of the vulnerability

An attacker can inject script code in a SharePoint site using the SafeHTML method to filter data.
Impacted products: Office, Excel, OneNote, PowerPoint, MOSS, Word.
Severity: 2/4.
Consequences: client access/rights.
Provenance: user account.
Number of vulnerabilities in this bulletin: 2.
Creation date: 13/10/2010.
Identifiers: 2412048, CERTA-2010-AVI-482, CVE-2010-3243, CVE-2010-3324, MS10-072, VIGILANCE-VUL-10019.

Description of the vulnerability

The SafeHTML method filters data. It is used, for example, to suppress JavaScript code contained in data submitted by web clients, before displaying it on the web site. However, two vulnerabilities impact SafeHTML, so this filtering is ineffective.

The SafeHTML method does not correctly filter HTML pages, so an attacker can generate a Cross Site Scripting. [severity:2/4; CERTA-2010-AVI-482, CVE-2010-3243]

The SafeHTML method does not correctly filter HTML pages, so an attacker can generate a Cross Site Scripting. [severity:2/4; CVE-2010-3324]

An attacker can therefore inject script code in a SharePoint site using the SafeHTML method to filter data.

computer vulnerability CVE-2010-0817 CVE-2010-1257 CVE-2010-1264

Microsoft SharePoint, InfoPath: three vulnerabilities

Synthesis of the vulnerability

Three vulnerabilities of Microsoft SharePoint and InfoPath can be used by an attacker to generate a Cross Site Scripting, to obtain information, or to create a denial of service.
Impacted products: Office, InfoPath, MOSS.
Severity: 3/4.
Consequences: client access/rights, data reading, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 09/06/2010.
Identifiers: 2028554, BID-39776, BID-40409, BID-40559, CERTA-2010-AVI-251, CVE-2010-0817, CVE-2010-1257, CVE-2010-1264, MS10-039, VIGILANCE-VUL-9695.

Description of the vulnerability

Three vulnerabilities were announced in Microsoft SharePoint and InfoPath.

An attacker can use the help page of Microsoft SharePoint Server, in order to generate a Cross Site Scripting (VIGILANCE-VUL-9620). [severity:2/4; BID-39776, CERTA-2010-AVI-251, CVE-2010-0817]

The toStaticHTML API is used to suppress JavaScript code included in an HTML document, in order to display it securely. However, a malformed HTML page can bypass this protection, and execute malicious JavaScript code in the context of another web site. [severity:3/4; BID-40409, CVE-2010-1257]

An attacker can send a malicious query to the Help.aspx page, in order to generate a denial of service. [severity:3/4; BID-40559, CVE-2010-1264]

vulnerability CVE-2010-0817

Microsoft SharePoint Server: Cross Site Scripting via help.aspx

Synthesis of the vulnerability

An attacker can use the help page of Microsoft SharePoint Server, in order to generate a Cross Site Scripting.
Impacted products: Office, InfoPath, MOSS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 29/04/2010.
Revision date: 30/04/2010.
Identifiers: 2028554, 983438, BID-39776, CVE-2010-0817, MS10-039, VIGILANCE-VUL-9620.

Description of the vulnerability

The help page of the Microsoft SharePoint Server environment is managed by the script "/_layouts/help.aspx".

The "cid0" parameter of help.aspx indicates the name of the Manifest file. For example:
  help.aspx?cid0=MS.WSS.manifest.xml
However, if this parameter contains a null character, the code located after it is directly displayed in the HTML page.

An attacker can therefore use the help page of Microsoft SharePoint Server, in order to generate a Cross Site Scripting.