Cross-Site Scripting and Spoofing Attacks in Windows SharePoint Services and SharePoint Team Services

Reported February 8, 2005 by Microsoft

VERSIONS AFFECTED

  • Windows SharePoint Services for Windows Server 2003
  • SharePoint Team Services from Microsoft

Non-Affected Software:

  • Windows Server 2003 for Itanium-based systems
  • SharePoint Portal Server 2003 (all versions)
  • SharePoint Portal Server 2001 (all versions)

DESCRIPTION

The cross-site scripting vulnerability could allow an intruder to execute code in the security context of the currently logged on user.

A spoofing attack could take place because input provided to HTML redirection queries is not adequately validated before the input is sent to a user's Web browser.

VENDOR RESPONSE

Microsoft has released Security Bulletin MS05-006, "Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981)," and a patch to correct the problem.





Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish