Release DateJun 09, 2010 |
Severitymedium |
ImpactInformation Disclosure |
DescriptionThis indicates a possible attack against a cross-site-scripting vulnerability in Microsoft Internet Explorer and SharePoint.The vulnerability is due to an error in the vulnerable software when handling the toStaticHTML API. An attacker may exploit this to gain sensitive information bysending a malicious web page. |
Affected ProductsMicrosoft Internet Explorer 8Microsoft Office InfoPath 2003 Service Pack 3 Microsoft Office InfoPath 2007 Service Pack 1 and Microsoft Office InfoPath 2007 Service Pack 2 Microsoft Office SharePoint Server 2007 Service Pack 1&2 (32-bit and 64-bit editions) Microsoft Windows SharePoint Services 3.0 Service Pack 1 and Microsoft Windows SharePoint Services 3.0 Service Pack 2 (32-bit and 64-bit versions) |
Recommended ActionsRefer to the vendor's advisory for updates:http://www.microsoft.com/technet/security/bulletin/ms10-035.mspx http://www.microsoft.com/technet/security/bulletin/ms10-039.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2010-1257 |
Reference/shttp://technet.microsoft.com/en-us/security/bulletin/ms10-039.mspx (MS-ID)http://technet.microsoft.com/en-us/security/bulletin/ms10-035.mspx (MS-ID) |
