(MS07-059) Microsoft SharePoint Scripting Vulnerability (942017)
- Type: Cross-Site-Scripting
- Impact of exploitation: Privilege Escalation
- User Interaction: user interaction is needed
- Attack Vector: Website with malicious content
- Rating: Medium
- CVE reference: CVE-2007-2581
- Vendor Status: Responded and patched
- Vulnerable systems: SharePoint Server 2007, Windows 2003 SP0 - SP2
- Summary: Microsoft Windows SharePoint Services contains a privilege escalation vulnerability. Exploitation could occur if a victim visited a malicious Web site.
Description
Microsoft Windows SharePoint Services is a set of web collaboration services for use with Microsoft IIS on Windows Server 2003. Microsoft Windows SharePoint Services contains a privilege escalation vulnerability. The flaw lies in improper script execution within a SharePoint site and could lead to privilege escalation within this site. Information disclosure may also be possible.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft (942017): http://www.microsoft.com/technet/security/Bulletin/MS07-059.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature: (MS07-059) Microsoft SharePoint Scripting Vulnerability (942017)
- Signature identifier: 5497
- Release date: 9/25/2007
McAfee Intrushield
This signature provides coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature: HTTP: Microsoft SharePoint Scripting Vulnerability
- Signature identifier: 0x4023E900
- Release date: 10/9/2007
- First released in: Sigset(s) 4.1.12; 3.1.49
Additional Resources
Microsoft Security Bulletin: Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege within the SharePoint Site (942017)
http://www.microsoft.com/technet/security/Bulletin/MS07-059.mspx
Timeline
- 10/9/2007: Vendor has provided a patch.
- 5/4/2007: Vulnerability information has been publicly disclosed.