VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-3243
sharepoint_server, sharepoint_services, ie: Cross-site scripting (XSS) vulnerability in the toS...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3243

Original

Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-10-13
Source Information Category:
Advisory, Alert
Last Updated:
2010-10-14




Affected Product Tags
cpe:/a:microsoft:ie:8
cpe:/a:microsoft:sharepoint_server:2007:sp2:x32
cpe:/a:microsoft:sharepoint_server:2007:sp2:x64
cpe:/a:microsoft:sharepoint_services:3.0:sp2:x32
cpe:/a:microsoft:sharepoint_services:3.0:sp2:x64
cpe:/o:microsoft:windows_7:-:-:x32
cpe:/o:microsoft:windows_7:-:-:x64
cpe:/o:microsoft:windows_server_2003::sp2
cpe:/o:microsoft:windows_server_2003::sp2:x64
cpe:/o:microsoft:windows_server_2008:::x32
cpe:/o:microsoft:windows_server_2008:::x64
cpe:/o:microsoft:windows_server_2008::sp2:x32
cpe:/o:microsoft:windows_server_2008::sp2:x64
cpe:/o:microsoft:windows_server_2008:r2::itanium
cpe:/o:microsoft:windows_server_2008:r2::x64
cpe:/o:microsoft:windows_vista::sp1
cpe:/o:microsoft:windows_vista::sp1:x64
cpe:/o:microsoft:windows_vista::sp2
cpe:/o:microsoft:windows_vista::sp2:x64
cpe:/o:microsoft:windows_xp:-:sp2:x64
cpe:/o:microsoft:windows_xp::sp3
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
X Medium [?]
Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
Alternatives




References
MS MS10-072




MS MS10-071




Vulnerability Type Cross-Site Scripting (XSS) (CWE-79)




Copyright © 2010 JPCERT/CC All Rights Reserved.