The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SharePoint Server

vulnerability alert 7751

Windows SharePoint: JavaScript injection

Synthesis of the vulnerability

An authenticated attacker can inject JavaScript code in Windows SharePoint Services.
Impacted products: MOSS.
Severity: 1/4.
Consequences: data creation/edition, data flow.
Provenance: user account.
Creation date: 09/04/2008.
Identifiers: BID-28706, CAU-2008-0002, VIGILANCE-VUL-7751.

Description of the vulnerability

The Windows SharePoint Services environment can be used to create web applications.

The interface to add an image does not correctly filter the image path. An attacker can use it to inject HTML or JavaScript code.

This error may be used to create a Cross Site Scripting attack, but this was not confirmed.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert 7726

Outlook, Windows Mail, Office: HTTP connection via X.509

Synthesis of the vulnerability

An attacker can use a malicious X.509 certificate in order to force a program to send a HTTP query.
Impacted products: Office, Access, Excel, Outlook, PowerPoint, Publisher, MOSS, Word, Microsoft Windows Mail.
Severity: 1/4.
Consequences: data reading.
Provenance: document.
Creation date: 02/04/2008.
Identifiers: AKLINK-SA-2008-002, AKLINK-SA-2008-003, AKLINK-SA-2008-004, BID-28548, VIGILANCE-VUL-7726.

Description of the vulnerability

A X.509 certificate can contain a url pointing to the intermediate Certification Authority certificate. This feature is available in software implementing the "caIssuers" extension (Outlook 2007, Windows Mail 2008, Office 2007).

An attacker can send a certificate containing a url pointing to the http://site/ website. When the software tries to check to certificate, it thus send a HTTP query to the indicated web site.

This vulnerability can for example be used to trace a user by detecting connections to http://site/.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2007-2581

SharePoint: Cross Site Scripting

Synthesis of the vulnerability

An attacker can create a Cross Site Scripting in order to execute script with privileges of user connected to the SharePoint service.
Impacted products: MOSS.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 10/10/2007.
Identifiers: 942017, BID-23832, CERTA-2007-AVI-429, CVE-2007-2581, MS07-059, VIGILANCE-VUL-7222.

Description of the vulnerability

Recent versions of SharePoint (Windows SharePoint Services 3.0 and Office SharePoint Server 2007) implement a filter on urls.

However, this filter does not correctly handle quote characters encoded with %22. These characters then permit to inject Javascript code in urls.

This vulnerability therefore permits an attacker to create a Cross Site Scripting attack. Attacker can execute Javascript code in the context of user connected to the SharePoint site.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about SharePoint Server: