MS12-011: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841)

Issued: 14 FEB 2012

Internet Security Systems Guidance

This update fixes three privately reported vulnerabilities in Microsoft SharePoint. All three could be abused to achieve cross-site scripting in various SharePoint pages and controls. Those who have publicly facing vulnerable SharePoint installations should apply this update.

Coverage: Cross_Site_Scripting
Related CVEs: CVE-2012-0144, CVE-2012-0145, CVE-2012-0017
Coverage Date: 11 NOV 2008
Exploit Dates: N/A
Content Update Versions:
    BlackICE PC Protection 3.6crk
    BlackICE Server Protection 3.6.crk
    IBM Security Host Protection for Desktops 2310
    IBM Security Host Protection for Servers (Unix) 2.2.2
    IBM Security Host Protection for Servers (Windows) 1.0.914.2310
    IBM Security Host Protection for Servers (Windows) 2.0.300.2310
    IBM Security Host Protection for Servers (Windows) 2.1.14.2400
    Proventia Network IDS XPU 28.170
    Proventia Network IPS XPU 28.170
    Proventia Network MFS XPU 28.170
    Proventia Server IPS for Linux technology 28.170
    Proventia-G 1.1 and earlier XPU 28.170
    RealSecure Network XPU 28.170
    RealSecure Server Sensor XPU 28.170
    Virtual Server Protection for Vmware 1.0

Coverage: HTTP_Sharepoint_Inplview_XSS
Related CVEs: CVE-2012-0017
Coverage Date: 14 FEB 2012
Exploit Dates: N/A
Content Update Versions:
    IBM Security Host Protection for Desktops 2730
    IBM Security Host Protection for Servers (Unix) 2.2.2
    IBM Security Host Protection for Servers (Windows) 2.1.14.2730
    Proventia Network IDS XPU 32.020
    Proventia Network IPS XPU 32.020
    Proventia Network MFS XPU 32.020
    Proventia Server IPS for Linux technology 32.020
    Proventia-G 1.1 and earlier XPU 32.020
    RealSecure Network XPU 32.020
    RealSecure Server Sensor XPU 32.020
    Virtual Server Protection for Vmware XPU 32.020

Coverage: win-ms12kb2663841-update
Related CVEs: CVE-2012-0017, CVE-2012-0144, CVE-2012-0145
Coverage Date: 14 FEB 2012
Exploit Dates: N/A
Content Update Versions:
    Enterprise Scanner 1.90
    Internet Scanner software 7.2 XPU 7.2.104

References

Microsoft: http://technet.microsoft.com/en-us/security/bulletin/ms12-011
X-Force Database: http://xforce.iss.net/xforce/xfdb/72884
X-Force Database: http://xforce.iss.net/xforce/xfdb/72885
X-Force Database: http://xforce.iss.net/xforce/xfdb/72887
X-Force Database: http://xforce.iss.net/xforce/xfdb/72886