VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-1257

office_infopath, sharepoint_server, sharepoint_services, ie: Cross-site scripting (XSS) vulnerability in the toS...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1257

Original

Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-06-08

Source Information Category:

Advisory, Alert

Last Updated:

2010-06-09

Affected Product Tags

cpe:/a:microsoft:ie:8

cpe:/a:microsoft:office_infopath:2003:sp3

cpe:/a:microsoft:office_infopath:2007:sp1

cpe:/a:microsoft:office_infopath:2007:sp2

cpe:/a:microsoft:sharepoint_server:2007:sp1:x32

cpe:/a:microsoft:sharepoint_server:2007:sp1:x64

cpe:/a:microsoft:sharepoint_server:2007:sp2:x32

cpe:/a:microsoft:sharepoint_server:2007:sp2:x64

cpe:/a:microsoft:sharepoint_services:3.0:sp1:x32

cpe:/a:microsoft:sharepoint_services:3.0:sp1:x64

cpe:/a:microsoft:sharepoint_services:3.0:sp2:x32

cpe:/a:microsoft:sharepoint_services:3.0:sp2:x64

cpe:/o:microsoft:windows_2003_server::sp2

cpe:/o:microsoft:windows_2003_server::sp2:x64

cpe:/o:microsoft:windows_7:-:-:x32

cpe:/o:microsoft:windows_7:-:-:x64

cpe:/o:microsoft:windows_server_2008:::x32

cpe:/o:microsoft:windows_server_2008:::x64

cpe:/o:microsoft:windows_server_2008::sp2:x32

cpe:/o:microsoft:windows_server_2008::sp2:x64

cpe:/o:microsoft:windows_server_2008:r2::itanium

cpe:/o:microsoft:windows_server_2008:r2::x64

cpe:/o:microsoft:windows_vista:-:sp1

cpe:/o:microsoft:windows_vista:-:sp2

cpe:/o:microsoft:windows_vista::sp1

cpe:/o:microsoft:windows_vista::sp1:x64

cpe:/o:microsoft:windows_vista::sp2

cpe:/o:microsoft:windows_vista::sp2:x64

cpe:/o:microsoft:windows_xp:-:sp2:x64

cpe:/o:microsoft:windows_xp::sp2

cpe:/o:microsoft:windows_xp::sp3

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

MS MS10-039

MS MS10-035

Vulnerability Type Cross-Site Scripting (XSS) (CWE-79)