Microsoft Windows SharePoint Services and SharePoint Team Services contain cross-site scripting vulnerabilities. These vulnerabilities could be exploited to execute arbitrary code in the security context of the affected user.
Microsoft Windows SharePoint Services for Windows Server 2003 and SharePoint Team Services are used to create collaborative Web sites. Versions of Microsoft SharePoint software contain several cross-site scripting vulnerabilities caused by insufficient validation of data used as input to HTML redirection queries. The output of such queries may contain malicious script that if executed, could lead to arbitrary code of an attacker's choice being run in the security context of the affected user.
These vulnerabilities could be exploited to execute arbitrary code in the security context of the affected user.
In addition, per Microsoft Security Bulletin MS05-006:
Apply a patch from the vendor
Thanks to Microsoft for reporting this vulnerability in Microsoft Security Bulletin MS05-006.
This document was written by Jeffrey S. Havrilla.
|Date First Published:||2005-02-09|
|Date Last Updated:||2005-02-09 00:17 UTC|