The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SharePoint Server

computer vulnerability announce CVE-2007-5348 CVE-2008-3012 CVE-2008-3013

Windows, Office: several vulnerabilities of GDI

Synthesis of the vulnerability

A local or remote attacker can create malicious programs or images in order to generate a denial of service or code execution on the victim's computer.
Impacted products: IE, Office, Access, Excel, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word, SQL Server, Visual Studio, Windows 2003, Windows 2008 R0, Windows Vista, Windows XP, WinZip.
Severity: 4/4.
Consequences: user access/rights, denial of service on server.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 10/09/2008.
Identifiers: 954593, BA565, BID-31018, BID-31019, BID-31020, BID-31021, BID-31022, CERTA-2008-AVI-449, CVE-2007-5348, CVE-2008-3012, CVE-2008-3013, CVE-2008-3014, CVE-2008-3015, FSC20080909-12, MS08-052, VIGILANCE-VUL-8097.

Description of the vulnerability

Several vulnerabilities impact GDI+ (Graphics Device Interface, gdiplus.dll).

The VML (Vector Markup Language) format is used to represent vector images in an XML format. An attacker can create a VML file indicating an invalid gradient in order to generate an integer overflow leading to memory corruption. [severity:4/4; BID-31018, CERTA-2008-AVI-449, CVE-2007-5348]

An attacker can create a malicious EMF (Enhanced Metafile) file in order to corrupt the memory. [severity:4/4; BID-31019, CVE-2008-3012]

An attacker can create a WMF file containing a malicious PolyPolygon field generating an allocation error, leading to a buffer overflow. [severity:4/4; BA565, BID-31021, CVE-2008-3014, FSC20080909-12]

An attacker can create a GIF image with a malicious data extension in order to corrupt the memory. [severity:4/4; BID-31020, CVE-2008-3013]

An attacker can create a BMP image with a malicious BitMapInfoHeader header in order to corrupt the memory. [severity:4/4; BID-31022, CVE-2008-3015]

A local or remote attacker can therefore create malicious programs or images in order to generate a denial of service or code execution on the victim's computer.

computer vulnerability note CVE-2008-3006

MS Excel: remote code execution via record

Synthesis of the vulnerability

An attacker can create a malicious spreadsheet, in order to execute code.
Impacted products: Office, Excel, MOSS, Word.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 13/08/2008.
Identifiers: 954066, CVE-2008-3006, MS08-043, VIGILANCE-VUL-8019.

Description of the vulnerability

While opening an xls file, MS Excel loads the content of the document without any specific checking on the file.

A file containing a malicious record can be used to execute code.

An attacker can therefore create a malicious Excel spreadsheet and send it to a victim; if the victim opens it, code can be executed on the computer.

vulnerability alert 7751

Windows SharePoint: JavaScript injection

Synthesis of the vulnerability

An authenticated attacker can inject JavaScript code in Windows SharePoint Services.
Impacted products: MOSS.
Severity: 1/4.
Consequences: data creation/edition, data flow.
Provenance: user account.
Creation date: 09/04/2008.
Identifiers: BID-28706, CAU-2008-0002, VIGILANCE-VUL-7751.

Description of the vulnerability

The Windows SharePoint Services environment can be used to create web applications.

The interface to add an image does not correctly filter the image path. An attacker can use it to inject HTML or JavaScript code.

This error may be used to create a Cross Site Scripting attack, but this was not confirmed.

computer vulnerability alert 7726

Outlook, Windows Mail, Office: HTTP connection via X.509

Synthesis of the vulnerability

An attacker can use a malicious X.509 certificate in order to force a program to send an HTTP query.
Impacted products: Office, Access, Excel, Outlook, PowerPoint, Publisher, MOSS, Word, Microsoft Windows Mail.
Severity: 1/4.
Consequences: data reading.
Provenance: document.
Creation date: 02/04/2008.
Identifiers: AKLINK-SA-2008-002, AKLINK-SA-2008-003, AKLINK-SA-2008-004, BID-28548, VIGILANCE-VUL-7726.

Description of the vulnerability

An X.509 certificate can contain a URL pointing to the intermediate Certification Authority certificate. This feature is available in software implementing the "caIssuers" extension (Outlook 2007, Windows Mail 2008, Office 2007).

An attacker can send a certificate containing a URL pointing to the http://site/ website. When the software tries to check the certificate, it thus sends an HTTP query to the indicated website.

This vulnerability can, for example, be used to trace a user by detecting connections to http://site/.

vulnerability announce CVE-2007-2581

SharePoint: Cross Site Scripting

Synthesis of the vulnerability

An attacker can create a Cross Site Scripting attack in order to execute script with the privileges of the user connected to the SharePoint service.
Impacted products: MOSS.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 10/10/2007.
Identifiers: 942017, BID-23832, CERTA-2007-AVI-429, CVE-2007-2581, MS07-059, VIGILANCE-VUL-7222.

Description of the vulnerability

Recent versions of SharePoint (Windows SharePoint Services 3.0 and Office SharePoint Server 2007) implement a filter on URLs.

However, this filter does not correctly handle quote characters encoded as %22. These characters then make it possible to inject JavaScript code into URLs.

This vulnerability therefore permits an attacker to create a Cross Site Scripting attack. The attacker can execute JavaScript code in the context of the user connected to the SharePoint site.