Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
{"openvas": [{"lastseen": "2020-05-19T17:41:45", "description": "This host is missing an important security update according to\n Microsoft Bulletin MS12-050.", "cvss3": {}, "published": "2012-07-11T00:00:00", "type": "openvas", "title": "Microsoft SharePoint Multiple Privilege Elevation Vulnerabilities (2695502)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1862", "CVE-2012-1858", "CVE-2012-1863", "CVE-2012-1861", "CVE-2012-1860", "CVE-2012-1859"], "modified": "2020-05-15T00:00:00", "id": "OPENVAS:1361412562310902847", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902847", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft SharePoint Multiple Privilege Elevation Vulnerabilities (2695502)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902847\");\n script_version(\"2020-05-15T08:09:24+0000\");\n script_bugtraq_id(53842, 54312, 54313, 54314, 54315, 54316);\n script_cve_id(\"CVE-2012-1858\", \"CVE-2012-1859\", \"CVE-2012-1860\", \"CVE-2012-1861\",\n \"CVE-2012-1862\", \"CVE-2012-1863\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-15 08:09:24 +0000 (Fri, 15 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-07-11 11:11:11 +0530 (Wed, 11 Jul 2012)\");\n script_name(\"Microsoft SharePoint Multiple Privilege Elevation Vulnerabilities (2695502)\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1027232\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\", \"gb_ms_sharepoint_sever_n_foundation_detect.nasl\", \"secpod_office_products_version_900032.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow an attacker to bypass certain security\n restrictions and conduct cross-site scripting and spoofing attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft InfoPath 2010\n\n - Microsoft Groove Server 2010\n\n - Microsoft Office Web Apps 2010\n\n - Microsoft SharePoint Server 2010\n\n - Microsoft SharePoint Foundation 2010\n\n - Microsoft InfoPath 2007 Service Pack 2\n\n - Microsoft InfoPath 2007 Service Pack 3\n\n - Microsoft InfoPath 2010 Service Pack 1\n\n - Microsoft Groove Server 2010 Service Pack 1\n\n - Microsoft Office Web Apps 2010 Service Pack 1\n\n - Microsoft SharePoint Server 2010 Service Pack 1\n\n - Microsoft SharePoint Foundation 2010 Service Pack 1\n\n - Microsoft Office SharePoint Server 2007 Service Pack 2\n\n - Microsoft Office SharePoint Server 2007 Service Pack 3\n\n - Microsoft Windows SharePoint Services 3.0 Service Pack 2\");\n\n script_tag(name:\"insight\", value:\"- Certain input is not properly sanitised in the 'SafeHTML' API before being\n returned to the user.\n\n - Certain unspecified input is not properly sanitised in scriptresx.ashx\n before being returned to the user. This can be exploited to execute\n arbitrary HTML and script code in a user's browser session in context of\n an affected site.\n\n - An error when validating search scope permissions can be exploited to view\n or modify another user's search scope.\n\n - Certain unspecified input associated with a username is not properly\n sanitised before being returned to the user. This can be exploited to\n execute arbitrary HTML and script code in a user's browser session in\n context of an affected site.\n\n - Certain unspecified input associated with a URL is not properly verified\n before being used to redirect users. This can be exploited to redirect a\n user to an arbitrary website.\n\n - Certain unspecified input associated with a reflected list parameter is\n not properly sanitised before being returned to the user. This can be\n exploited to execute arbitrary HTML and script code in a user's browser\n session in context of an affected site.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Microsoft Bulletin MS12-050.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n## InfoPath 2007 and InfoPath 2010\nkeys = make_list(\"SOFTWARE\\Microsoft\\Office\\12.0\\InfoPath\\InstallRoot\",\n \"SOFTWARE\\Microsoft\\Office\\14.0\\InfoPath\\InstallRoot\");\nforeach key(keys)\n{\n if(registry_key_exists(key:key))\n {\n infoPath = registry_get_sz(key:key, item:\"Path\");\n\n if(infoPath)\n {\n exeVer = fetch_file_version(sysPath:infoPath, file_name:\"Infopath.Exe\");\n dllVer = fetch_file_version(sysPath:infoPath, file_name:\"Ipeditor.dll\");\n if((exeVer &&\n (version_in_range(version:exeVer, test_version:\"12.0\", test_version2:\"12.0.6661.4999\") ||\n version_in_range(version:exeVer, test_version:\"14.0\", test_version2:\"14.0.6120.4999\"))) ||\n (dllVer &&\n (version_in_range(version:dllVer, test_version:\"12.0\", test_version2:\"12.0.6661.4999\") ||\n version_in_range(version:dllVer, test_version:\"14.0\", test_version2:\"14.0.6120.4999\"))))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n}\n\n## Microsoft Groove 2010\nexeVer = get_kb_item(\"SMB/Office/Groove/Version\");\nif(exeVer && exeVer =~ \"^14\\.\")\n{\n key = \"SOFTWARE\\Microsoft\\Office Server\\14.0\\Groove\";\n if(registry_key_exists(key:key))\n {\n dllPath = registry_get_sz(key:key, item:\"EMSInstallDir\");\n if(dllPath)\n {\n dllVer = fetch_file_version(sysPath:dllPath, file_name:\"groovems.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"14.0\", test_version2:\"14.0.6116.4999\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n }\n}\n\ncpe_list = make_list(\"cpe:/a:microsoft:sharepoint_server\", \"cpe:/a:microsoft:sharepoint_foundation\", \"cpe:/a:microsoft:sharepoint_services\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\ncpe = infos[\"cpe\"];\n\n## SharePoint Server 2007 and 2010\nif(\"cpe:/a:microsoft:sharepoint_server\" >< cpe)\n{\n ## SharePoint Server 2007 Service Pack 2 (coreserver)\n if(vers =~ \"^12\\.\"){\n key = \"SOFTWARE\\Microsoft\\Office Server\\12.0\";\n file = \"Microsoft.sharepoint.publishing.dll\";\n }\n\n ## SharePoint Server 2010 (wosrv)\n else if(vers =~ \"^14\\.\"){\n key = \"SOFTWARE\\Microsoft\\Office Server\\14.0\";\n file = \"Microsoft.office.server.native.dll\";\n }\n\n if(key && registry_key_exists(key:key) && file)\n {\n if(path = registry_get_sz(key:key, item:\"BinPath\"))\n {\n dllVer = fetch_file_version(sysPath:path, file_name:file);\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"12.0\", test_version2:\"12.0.6660.4999\") ||\n version_in_range(version:dllVer, test_version:\"14.0\", test_version2:\"14.0.6108.4999\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n }\n}\n\n## SharePoint Foundation 2010\nif(\"cpe:/a:microsoft:sharepoint_foundation\" >< cpe)\n{\n key = \"SOFTWARE\\Microsoft\\Shared Tools\\Web Server Extensions\\14.0\";\n if(registry_key_exists(key:key))\n {\n dllPath = registry_get_sz(key:key, item:\"Location\");\n if(dllPath)\n {\n dllVer = fetch_file_version(sysPath:dllPath, file_name:\"BIN\\Onetutil.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"14.0\", test_version2:\"14.0.6120.5004\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n }\n}\n\n## SharePoint Services 3.0 and 2.0\nif(\"cpe:/a:microsoft:sharepoint_services\" >< cpe)\n{\n key = \"SOFTWARE\\Microsoft\\Shared Tools\";\n if(registry_key_exists(key:key))\n {\n dllPath = registry_get_sz(key:key, item:\"SharedFilesDir\");\n if(dllPath)\n {\n dllVer = fetch_file_version(sysPath:dllPath, file_name:\"web server extensions\\12\\BIN\\Onetutil.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"12.0\", test_version2:\"12.0.6661.4999\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n\n dllVer2 = fetch_file_version(sysPath:dllPath, file_name:\"web server extensions\\60\\BIN\\Onetutil.dll\");\n if(dllVer2 && dllVer2 =~ \"^11\\.0\")\n {\n if(version_is_less(version:dllVer2, test_version:\"11.0.8346.0\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n }\n}\n\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mskb": [{"lastseen": "2021-01-01T22:39:07", "description": "<html><body><p>Describes vulnerabilities in SharePoint could allow elevation of privilege, and was released on July 10, 2012.</p><h2>INTRODUCTION</h2><div class=\"kb-summary-section section\">Microsoft has released security bulletin MS12-050. To view the complete security bulletin, go to one of the following Microsoft websites:\u00a0<ul class=\"sbody-free_list\"><li>Home users:<div class=\"indent\"><a href=\"http://www.microsoft.com/security/pc-security/bulletins/201207.aspx\" id=\"kb-link-1\" target=\"_self\">http://www.microsoft.com/security/pc-security/bulletins/201207.aspx</a></div><span class=\"text-base\">Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br/><div class=\"indent\"><a href=\"http://update.microsoft.com/microsoftupdate/\" id=\"kb-link-2\" target=\"_self\">http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<div class=\"indent\"><a href=\"http://technet.microsoft.com/security/bulletin/ms12-050\" id=\"kb-link-3\" target=\"_self\">http://technet.microsoft.com/security/bulletin/MS12-050</a></div></li></ul><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3> Help installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-4\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <br/><a href=\"http://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-5\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your computer that is running Windows from viruses and malware:<br/><a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-6\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <br/><a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-7\" target=\"_self\">International Support</a><br/><br/></div><h2></h2><div class=\"kb-moreinformation-section section\"><h4 class=\"sbody-h4\">Known issues and additional information about this security update</h4> <br/> <br/><br/> The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.<ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/2553194\" id=\"kb-link-8\">2553194 </a> MS12-050: Description of the security update for SharePoint Server 2010 (coreserverloc): July 10, 2012<br/><br/>Known issues in security update 2553194: <br/><ul class=\"sbody-free_list\"><li>After you install this security update on all SharePoint servers, you have to run the PSconfig tool to complete the installation. For more information about how to use the PSconfig tool, go to the following TechNet webpage:<div class=\"indent\"><a href=\"http://technet.microsoft.com/en-us/library/cc263093.aspx\" id=\"kb-link-9\" target=\"_self\">PSconfig command-line reference (SharePoint Server 2010)</a></div></li></ul></li><li><a href=\"https://support.microsoft.com/en-us/help/2553322\" id=\"kb-link-10\">2553322 </a> MS12-050: Description of the security update for InfoPath 2010: July 10, 2012 </li><li><a href=\"https://support.microsoft.com/en-us/help/2553365\" id=\"kb-link-11\">2553365 </a> MS12-050: Description of the security update for SharePoint Foundation 2010: July 10, 2012<br/><br/>Known issues in security update 2553365: <ul class=\"sbody-free_list\"><li>After you install this security update on all SharePoint servers, you have to run the PSconfig tool to complete the installation. For more information about how to use the PSconfig tool, go to the following TechNet webpage:\u00a0<div class=\"indent\"><a href=\"http://technet.microsoft.com/en-us/library/cc263093.aspx\" id=\"kb-link-12\" target=\"_self\">PSconfig command-line reference (SharePoint Server 2010)</a></div></li></ul></li><li><a href=\"https://support.microsoft.com/en-us/help/2553424\" id=\"kb-link-13\">2553424 </a> MS12-050: Description of the security update for SharePoint Server 2010 (wosrv): July 10, 2012<br/><br/>Known issues in security update 2553424: <ul class=\"sbody-free_list\"><li>After you install this security update on all SharePoint servers, you have to run the PSconfig tool to complete the installation. For more information about how to use the PSconfig tool, go to the following TechNet webpage:\u00a0<div class=\"indent\"><a href=\"http://technet.microsoft.com/en-us/library/cc263093.aspx\" id=\"kb-link-14\" target=\"_self\">PSconfig command-line reference (SharePoint Server 2010)</a></div></li></ul></li><li><a href=\"https://support.microsoft.com/en-us/help/2553431\" id=\"kb-link-15\">2553431 </a> MS12-050: Description of the security update for InfoPath 2010: July 10, 2012<br/><br/>Known issues in security update 2553431: <ul class=\"sbody-free_list\"><li>Windows Update will offer this security update to all systems that are running InfoPath 2010. However, the security update is required only for systems that are running Visual Studio Tool for Applications (VSTA). This security update can be installed on any system that is running InfoPath 2010. However, binaries are updated only on systems that are running VSTA.<br/><br/><span class=\"text-base\">Note </span>If you install this security update on a system that is running InfoPath 2010 without VSTA and then you install VSTA, you do not have to reinstall this security update.</li></ul></li><li><a href=\"https://support.microsoft.com/en-us/help/2589325\" id=\"kb-link-16\">2589325 </a> MS12-050: Description of the security update for Groove Server 2010: July 10, 2012<br/><br/>Known issues in security update 2589325: <ul class=\"sbody-free_list\"><li>If you install any previously released Groove server update before you install this security update, then you may see multiple entries for this security update may appear in <strong class=\"uiterm\">Add or Remove Programs</strong>.</li><li>The Groove security update does not appear in <span class=\"sbody-userinput\">Add or Remove Programs</span>. To determine whether the update is installed, the system administrator can open the SharePoint Configuration Manager console.</li></ul></li><li><a href=\"https://support.microsoft.com/en-us/help/2596663\" id=\"kb-link-17\">2596663 </a> MS12-050: Description of the security update for SharePoint Server 2007 Service Pack 2 (coreserver): July 10, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2596666\" id=\"kb-link-18\">2596666 </a> MS12-050: Description of the security update for InfoPath 2007: July 10, 2012<br/><br/>Known issues in security update 2596666: <ul class=\"sbody-free_list\"><li>Windows Update will offer this security update to all systems that are running InfoPath 2010. However, the security update is required only for systems that are running Visual Studio Tool for Applications (VSTA). This security update can be installed on any system that is running InfoPath 2010. However, binaries are updated only on systems that are running VSTA.<br/><br/><span class=\"text-base\">Note </span>If you install this security update on a system that is running InfoPath 2010 without VSTA and then you install VSTA, you do not have to reinstall this security update.</li></ul></li><li><a href=\"https://support.microsoft.com/en-us/help/2596786\" id=\"kb-link-19\">2596786 </a> MS12-050: Description of the security update for InfoPath 2007 (IPEditor): July 10, 2012<br/><br/>Known issues in security update 2596786: <ul class=\"sbody-free_list\"><li>Windows Update will offer this security update to all systems that are running InfoPath 2010. However, the security update is required only for systems that are running Visual Studio Tool for Applications (VSTA). This security update can be installed on any system that is running InfoPath 2010. However, binaries are updated only on systems that are running VSTA.<br/><br/><span class=\"text-base\">Note </span>If you install this security update on a system that is running InfoPath 2010 without VSTA and then you install VSTA, you do not have to reinstall this security update.</li></ul></li><li><a href=\"https://support.microsoft.com/en-us/help/2596911\" id=\"kb-link-20\">2596911 </a> MS12-050: Description of the security update for Windows SharePoint Services 3.0: July 10, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2596942\" id=\"kb-link-21\">2596942 </a> MS12-050: Description of the security update for Office SharePoint Server 2007 Service Pack 2 (xlsrvwfe): July 10, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2598239\" id=\"kb-link-22\">2598239 </a> MS12-050: Description of the security update for SharePoint Server 2010: July 10, 2012<br/><br/>Known issues in security update 2598239: <ul class=\"sbody-free_list\"><li>After you install this security update on all SharePoint servers, you have to run the PSconfig tool to complete the installation. For more information about how to use the PSconfig tool, go to the following TechNet webpage:\u00a0<div class=\"indent\"><a href=\"http://technet.microsoft.com/en-us/library/cc263093.aspx\" id=\"kb-link-23\" target=\"_self\">PSconfig command-line reference (SharePoint Server 2010)</a></div></li></ul></li><li><a href=\"https://support.microsoft.com/en-us/help/2760604\" id=\"kb-link-24\">2760604 </a> MS12-050: Description of the security update for Microsoft Windows SharePoint Services 2.0 SP3: December 11, 2012</li></ul><span></span><br/><h4 class=\"sbody-h4\">File hash information</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">SHA1 hash</th><th class=\"sbody-th\">SHA256 hash</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-ara.exe</td><td class=\"sbody-td\">944FFC7C1BCC35C796EE1CAEC3D977EA23BE3591</td><td class=\"sbody-td\">5736A05A0858EB07A8239C60593A4D6BD230BA54A3E16274A0773D93EE930570</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-bgr.exe</td><td class=\"sbody-td\">1EF35C81A8B2DF79AD99682D0984731216264B4B</td><td class=\"sbody-td\">45539094870B351DE90768D3E3156E0A825C7F371B415E75E64D405314030139</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-chs.exe</td><td class=\"sbody-td\">F11BB8837A560E4A0BC424D95BEC68E9D74AE377</td><td class=\"sbody-td\">F869A0A164A91A014D2AB1A7492F25363FD6CBFB83F8E4D44E3FFAC96C496D31</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-cht.exe</td><td class=\"sbody-td\">970CF05CCF910C9FF0431DCFC85F085F977AF542</td><td class=\"sbody-td\">22F3DC70AB127BB881DC166CDD771291EE833C7DA207482FEF84D11E0F3A8156</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-csy.exe</td><td class=\"sbody-td\">F49D9534D20C6E8F23C53FB8D226446C8D9EC441</td><td class=\"sbody-td\">18CB0ABCB54DC278D8C314B778999A5AED34948922C3DC9B0E512E0D0F9EEE77</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-dan.exe</td><td class=\"sbody-td\">19FA51E5995EA5EA3EAE16C540BF82550CE107E3</td><td class=\"sbody-td\">0D61FF387EE6507D2840F149A5063DD2C597E21DFF70F8F7AA960B65D36CBB5D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-deu.exe</td><td class=\"sbody-td\">4D81FFAC740D198A7B66DA296EF9427F9B11CFA2</td><td class=\"sbody-td\">C17A570B8E850D10000BBC4BBA14D6B78C03F267AA6FB169D0E4DF3B5656161F</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-ell.exe</td><td class=\"sbody-td\">03973E73A4AB0E7F0B72D478B61538764AE5E547</td><td class=\"sbody-td\">485CD52BB0B9930C63530F38B7917E6774F548D26766CA40ECAF61377B5945A9</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-enu.exe</td><td class=\"sbody-td\">8CDCE452A26ECC14A0BBBFA80B43CE48F224A6CA</td><td class=\"sbody-td\">2C21C95770D60BA08EBDA7965BC38625E20684BAB4E43E37C70673E133BF9F4F</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-esn.exe</td><td class=\"sbody-td\">FA1B8FE9E815E75E3BD2F24C0C9E559A9E20B4C0</td><td class=\"sbody-td\">0C71F483FE72EAD5BE870EA1A8E9DC60C369FC5FC33733D0D02C629C3E7FF731</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-eti.exe</td><td class=\"sbody-td\">044DA3C7C9A238869D124D697DBEC06B4EA257C3</td><td class=\"sbody-td\">D6755EB7FD5E195A9CD2ADA1E5CA937A2B365AC6DB91AA4342AF4D2818E35D69</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-fin.exe</td><td class=\"sbody-td\">1867C849389450286FEE99C95CD881DA9CFFB708</td><td class=\"sbody-td\">8866AD99D8D83DE3271366399BD1B7998257E15E39A82ED0CB2C9E1DCC6AA943</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-fra.exe</td><td class=\"sbody-td\">777EA2C387B381768D1111E607779E70E41FDF1F</td><td class=\"sbody-td\">744ACE78426672E9EC75817E5D4D3B412DD272B7384C80190BE0B6FA2DB73BE7</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-heb.exe</td><td class=\"sbody-td\">BDC9CAA8D266554B0ED9694562EB4E9B9C7368D1</td><td class=\"sbody-td\">7F7C8210CF6991AFFF14703E780E1191306B1856B00B95BC2F27B7EE59B5FB7E</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-hin.exe</td><td class=\"sbody-td\">0B68573CDAAC765D4ABF325CD3996D1E2E667A17</td><td class=\"sbody-td\">F32BBA4CE8B5861F180261676CA6B44F1DAC36F9175D176EC69062A975C197AC</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-hrv.exe</td><td class=\"sbody-td\">A0917833FD05D8C9175EBAA73BA83CD1C1A25F30</td><td class=\"sbody-td\">FCD5ADF13D09A8DCEC75210F4A452405C8266BB8476EBC4B54D5146BAA2FF8E7</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-hun.exe</td><td class=\"sbody-td\">8329B99DEF9698D3E1D9260DD7F491B99C519584</td><td class=\"sbody-td\">AAB418A8CB3658D061B7356AA3AC1FB0F2A9D68632EEE2664900A1535C46D2A4</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-ita.exe</td><td class=\"sbody-td\">DC7A8679DFB3D21E796A6E61C201437EA1AA5C2F</td><td class=\"sbody-td\">F1D53091A9F95E970642C3A4F612237DAF5BA24414A3F1E9B7A8D8F21F5248F5</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-jpn.exe</td><td class=\"sbody-td\">563502557130AFE06614CDB1CE2FFBA352B74739</td><td class=\"sbody-td\">58F48E2973284C3DAC005B7DB1B3DD9C64FB6F898A027F167E335C3B566FE69C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-kor.exe</td><td class=\"sbody-td\">A7BD3032953031CDC511666250AECE3F87C64F0B</td><td class=\"sbody-td\">88B675F6DC0F393725B135C1FD7DBBE3F46289221803FF547669A1388EAA996C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-lth.exe</td><td class=\"sbody-td\">963D99379FF4515725F8DD1594872EB0973E42A4</td><td class=\"sbody-td\">DE8E907C37917D93DA25FEBDB2C7E5A033E486D1D1B2A7D97001486FD0467DAB</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-lvi.exe</td><td class=\"sbody-td\">40B44B094CD1ABDF693AC0C44429888EB07B99F6</td><td class=\"sbody-td\">13841434EA8994760EEF0C7626FAA473F582763B9B9214C94F53B0BEFEFA28BF</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-nld.exe</td><td class=\"sbody-td\">F4F356BC58494D3EB2146955A512163473F5C18C</td><td class=\"sbody-td\">5BBD181CD9F4B518751A47A5F59D821D3F486763CE2050F34173C4F377C1765A</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-nor.exe</td><td class=\"sbody-td\">1BFDAC7CA337DD926FA851DFC44B6C8EB3787D44</td><td class=\"sbody-td\">1855342D407C705D8AA1EE14030C2BFF23E4A1022A87D0121EA937EFC0A5735A</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-plk.exe</td><td class=\"sbody-td\">854ACEEC4ED26C8F2AF6115F8357D3E18D95BF46</td><td class=\"sbody-td\">266194456C096A44F03C180744B74A0A9827F34BA79DB5FC857D271B11FDC2D0</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-ptb.exe</td><td class=\"sbody-td\">80AFB3A70ADD47AF15C5C811298248DA06BFE60F</td><td class=\"sbody-td\">65CEF35AB79343C01CA79C550A4AB72F9F5A1EF786F539BFF6484450C0A05AFF</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-ptg.exe</td><td class=\"sbody-td\">064033EDCD99453BDA48A6EF012F76E0FFC1422C</td><td class=\"sbody-td\">6C4BC8DA2B32B3F854D70DF23AEB9BF0A715B7DAC9F35C6399B2D0DEA7E9FB0A</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-rom.exe</td><td class=\"sbody-td\">FF36147DCBB752ACE97C682B1D8B8935A848C5D0</td><td class=\"sbody-td\">4128BAD2C2DDD45017530CECC0C2A7ADC0B88D3BCF5072170FF7D97A1E9BF26D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-rus.exe</td><td class=\"sbody-td\">35B3BDC570F6D82475A62C38171260B24BE2266B</td><td class=\"sbody-td\">4391A7761F2DB2FB3058FCA6E306519DA44EAEBDE2A990B520FA1EE3F60E360E</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-sky.exe</td><td class=\"sbody-td\">1D5A41747ABC246F69A1C61E36B524604E5A0FEC</td><td class=\"sbody-td\">B598C60AD4FE2C82A7B43D390B32D6917A2637378B679A11C8D52E433840507F</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-slv.exe</td><td class=\"sbody-td\">CE0131A5858230363BFDD3BF6EA399ABDE1378BC</td><td class=\"sbody-td\">3605324E72645A7E126E037DCBC79827DE28DDD364C95DB79FB416402462EAEF</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-srl.exe</td><td class=\"sbody-td\">AD4A19231C72A880D361BFF018773F3486BED26C</td><td class=\"sbody-td\">A1B5F71EDEB27A906C98438E3429882C82EC60CF58815EE10AE6BADAD97B949E</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-sve.exe</td><td class=\"sbody-td\">94575D9AEC7CC927278BA869A31EEB42A760D324</td><td class=\"sbody-td\">CEC7BFD45C09D1E52F1DD4137B558D9D7B9613353B26C2C54A652E80C5FCFD68</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-tha.exe</td><td class=\"sbody-td\">6999EECC0D501ABFF9B490203C5E2016E1617B99</td><td class=\"sbody-td\">B6D0DF67C45B6F5C1368C3B23AB624DB6127B03D5C980FC29D842488FAC27205</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-trk.exe</td><td class=\"sbody-td\">B62A256B76FBEE70FB51EF41700D164B9DF1B548</td><td class=\"sbody-td\">309659C1C8060265A6DB0C6C31F89720A61F8DD065FA3DCD8A9AC5CA389FCB4F</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-ukr.exe</td><td class=\"sbody-td\">92C0AD7EE66A4E20AC22D23CCA4D405FB53ED927</td><td class=\"sbody-td\">8C1EC306BA0883730D2D5C554DD9116998C2F11B816D20A236A78E7EF671CEE4</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-zhh.exe</td><td class=\"sbody-td\">18B05B146DE37B421C37EDB2CC8801884044B8B5</td><td class=\"sbody-td\">3402D3016F8500DDC25E566D50CB91130885BE25A509643BA96F9B9D8DB3FA24</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">coreserver2007-kb2596663-fullfile-x64-glb.exe</td><td class=\"sbody-td\">B4B8C2D03393AFAE2D609B3E22E9C54459170AB7</td><td class=\"sbody-td\">287BA5C0B0672DB4FBF9A7C15A539F6699FA1BA91A4170B049308C52DBB0FA22</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">coreserver2007-kb2596663-fullfile-x86-glb.exe</td><td class=\"sbody-td\">459B707CC63E3F0B38D87BA0968D89C7D7766707</td><td class=\"sbody-td\">0B187B5ACC20FC8EBC4CCC1BF658D51E4A4DA4F564C2CA1B92B432A0C40C6D2C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">coreserverloc2010-kb2553194-fullfile-x64-glb.exe</td><td class=\"sbody-td\">92515E81643BBB6DDFFEB3D6295645322BE1C094</td><td class=\"sbody-td\">D29D2A72BAE50717011AC007AEACD1B69E802FD5E4D4AC3A0A7DB27488EDEB0F</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">emsgrs2010-kb2589325-fullfile-x64-glb.exe</td><td class=\"sbody-td\">C40B9731DA0D72958E97C37C8562676E9035DF1E</td><td class=\"sbody-td\">98D9F03A1B94B0C6085E320A760F64391A1E6F34064666D140E55252F1B2908C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">infopath2007-kb2596666-fullfile-x86-glb.exe</td><td class=\"sbody-td\">6089333AEB61B4F0613898C33F8583A15957D782</td><td class=\"sbody-td\">C6440DAB225C67F0C290A1AD0B85C72BA3C6B2F813B0901B04FCABDF1FC9B086</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">infopath2010-kb2553431-fullfile-x64-glb.exe</td><td class=\"sbody-td\">CF9C2F85761B14386A848CD89E5C517F632ECF08</td><td class=\"sbody-td\">6A16C443958BEFAE24E861E053B04EB09CB78A777DAF9A7C603E70DAAD6E5D2D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">infopath2010-kb2553431-fullfile-x86-glb.exe</td><td class=\"sbody-td\">C1CF3BFC26754C57F8A5C111C014015BEC5D6D3B</td><td class=\"sbody-td\">8AACEAE7227509C592442829FA06D6924E48C8E15D5238C79104E9C716ADA5D9</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ipeditor2007-kb2596786-fullfile-x86-glb.exe</td><td class=\"sbody-td\">C098589CFF0B676B80C4C5B2E145B9BD93E2C355</td><td class=\"sbody-td\">6611329D0E156EB2DC01584F9ED1EF72BD08D81FE083FFC57ACD541BB0D31700</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ipeditor2010-kb2553322-fullfile-x64-glb.exe</td><td class=\"sbody-td\">CE8A14DBFA1513CF843B37B30113A37DE5EB33FF</td><td class=\"sbody-td\">B721DCF88277D1271DE22C3A1E7869389C3EB976BDE8C7176CD74C0E322ACC35</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ipeditor2010-kb2553322-fullfile-x86-glb.exe</td><td class=\"sbody-td\">2C9EC3F1D70A4E04A15D81DC6AE75ABEC168E700</td><td class=\"sbody-td\">5F269A2559012056B6F16DB638365F7225C143B524AFC0DA77331671933952EF</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">sts-x-none-x64.cab</td><td class=\"sbody-td\">C093C7C13D7CB01D5F7B2F244399DBC34BB10D20</td><td class=\"sbody-td\">05853D2678F4D335A0BCFC1AA74E79D980072A7F23CAABF64C2635675210F54C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">sts-x-none-x86.cab</td><td class=\"sbody-td\">13258CA09C2D2A019C5E1F7EEFD53378B53A93CA</td><td class=\"sbody-td\">CFE52C1389B605C1E3AAB0024D7C771828E799F5F8FD1C4C010F3A86992B4560</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">sts2007-kb2596911-fullfile-x64-glb.exe</td><td class=\"sbody-td\">302CB71DCB952EB7AE2BB7A0DFCB3826488DFFD9</td><td class=\"sbody-td\">E01E674F45D599895EA65579874D22F3A990E385EBAABA69FEE232095147DF4E</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">sts2007-kb2596911-fullfile-x86-glb.exe</td><td class=\"sbody-td\">3B815B9647BB14E549B89BF61E26AF34BCE63006</td><td class=\"sbody-td\">DE51614C7107B26600E44AE5AE6AA12B6D4BC2E5C2BD84ADCFD39E409529371C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wac2010-kb2598239-fullfile-x64-glb.exe</td><td class=\"sbody-td\">5DA77BDDC33BA933C94C5922FD037796A74CDD50</td><td class=\"sbody-td\">60E369CA03A8237938070573F31DCB1AFCFAD738616C6F2E75B7D6CBFCEEC184</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wosrv2010-kb2553424-fullfile-x64-glb.exe</td><td class=\"sbody-td\">6DF33A7F0FCD21696C581DA461805BC245D5E5D4</td><td class=\"sbody-td\">057090BC16ED1EB4974ABA40E2FC79AB4AED3D431E2224002F6402847439A2E0</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2010-kb2553365-fullfile-x64-glb.exe</td><td class=\"sbody-td\">1974AEBB7C576D58499CDEDB25C426FAAEDA0C57</td><td class=\"sbody-td\">CC9980F485D951CFAD7E2B9FB93F70C1703C8DEC1E4EB91AD5EB7DC8F95BCE39</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">xlsrvwfe2007-kb2596942-fullfile-x64-glb.exe</td><td class=\"sbody-td\">3D987EDEAE127AA515409E02448A3CFDE785EF79</td><td class=\"sbody-td\">E895F8A3E13B19D0A48F64194B712F5CB00B4EF532038EBEF9EAB8BB3E80105D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">xlsrvwfe2007-kb2596942-fullfile-x86-glb.exe</td><td class=\"sbody-td\">F54164686BC47A54EB7CD22096DCE7932DD60F3A</td><td class=\"sbody-td\">C3F8E89D78BFC09257F5E97E9CEA68567225506366B4DFE8CC9586EF2226FBF9</td></tr></table></div></div></body></html>", "edition": 2, "cvss3": {}, "published": "2012-07-10T00:00:00", "type": "mskb", "title": "MS12-050: Vulnerabilities in SharePoint could allow elevation of privilege: July 10, 2012", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1862", "CVE-2012-1858", "CVE-2012-1863", "CVE-2012-1861", "CVE-2012-1860", "CVE-2012-1859"], "modified": "2012-12-11T20:04:29", "id": "KB2695502", "href": "https://support.microsoft.com/en-us/help/2695502/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:47", "description": "Crossite scripting, URL redirection.", "cvss3": {}, "published": "2012-07-11T00:00:00", "type": "securityvulns", "title": "Microsoft Sharepoint multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2012-1862", "CVE-2012-1858", "CVE-2012-1863", "CVE-2012-1861", "CVE-2012-1860", "CVE-2012-1859"], "modified": "2012-07-11T00:00:00", "id": "SECURITYVULNS:VULN:12466", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12466", "sourceData": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2023-01-11T14:27:50", "description": "The versions of InfoPath, Office SharePoint Server, SharePoint Server, Groove Server, Windows SharePoint Services, SharePoint Foundation, or Office Web Apps installed on the remote host are affected by multiple privilege escalation and information disclosure vulnerabilities :\n\n - An information disclosure vulnerability exists in the way that HTML strings are sanitized. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks and run script in the security context of the logged-on user. (CVE-2012-1858)\n\n - A cross-site scripting and a privilege escalation vulnerability allow attacker-controlled JavaScript to run in the context of the user clicking a link. An anonymous attacker could also potentially issue SharePoint commands in the context of an authenticated user on the site. (CVE-2012-1859)\n\n - An information disclosure vulnerability exists in the way that SharePoint stores search scopes. An attacker could view or tamper with other users' search scopes.\n (CVE-2012-1860)\n\n - A cross-site scripting vulnerability exists that allows attacker-controlled JavaScript to run in the context of the user clicking a link. An anonymous attacker could also potentially issue SharePoint commands in the context of an authenticated user. (CVE-2012-1861)\n\n - A URL redirection vulnerability exists in SharePoint.\n The vulnerability could lead to spoofing and information disclosure and could allow an attacker to redirect a user to an external URL. (CVE-2012-1862)\n\n - A cross-site scripting vulnerability exists that allows attacker-controlled JavaScript to run in the context of the user clicking a link. An anonymous attacker could also potentially issue SharePoint commands in the context of an authenticated user. (CVE-2012-1863).", "cvss3": {}, "published": "2012-07-11T00:00:00", "type": "nessus", "title": "MS12-050: Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1858", "CVE-2012-1859", "CVE-2012-1860", "CVE-2012-1861", "CVE-2012-1862", "CVE-2012-1863"], "modified": "2019-12-04T00:00:00", "cpe": ["cpe:/a:microsoft:groove", "cpe:/a:microsoft:infopath", "cpe:/a:microsoft:office_web_apps", "cpe:/a:microsoft:sharepoint_server", "cpe:/a:microsoft:sharepoint_services", "cpe:/a:microsoft:sharepoint_foundation"], "id": "SMB_NT_MS12-050.NASL", "href": "https://www.tenable.com/plugins/nessus/59913", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59913);\n script_version(\"1.26\");\n script_cvs_date(\"Date: 2019/12/04\");\n\n script_cve_id(\n \"CVE-2012-1858\",\n \"CVE-2012-1859\",\n \"CVE-2012-1860\",\n \"CVE-2012-1861\",\n \"CVE-2012-1862\",\n \"CVE-2012-1863\"\n );\n script_bugtraq_id(\n 53842,\n 54312,\n 54313,\n 54314,\n 54315,\n 54316\n );\n script_xref(name:\"EDB-ID\", value:\"19777\");\n script_xref(name:\"MSFT\", value:\"MS12-050\");\n script_xref(name:\"MSKB\", value:\"2553194\");\n script_xref(name:\"MSKB\", value:\"2553322\");\n script_xref(name:\"MSKB\", value:\"2553365\");\n script_xref(name:\"MSKB\", value:\"2553424\");\n script_xref(name:\"MSKB\", value:\"2553431\");\n script_xref(name:\"MSKB\", value:\"2589325\");\n script_xref(name:\"MSKB\", value:\"2596663\");\n script_xref(name:\"MSKB\", value:\"2596666\");\n script_xref(name:\"MSKB\", value:\"2596786\");\n script_xref(name:\"MSKB\", value:\"2596911\");\n script_xref(name:\"MSKB\", value:\"2596942\");\n script_xref(name:\"MSKB\", value:\"2598239\");\n script_xref(name:\"MSKB\", value:\"2760604\");\n\n script_name(english:\"MS12-050: Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)\");\n script_summary(english:\"Checks InfoPath / SharePoint / Groove / Office Web Apps version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple privilege escalation and\ninformation disclosure vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The versions of InfoPath, Office SharePoint Server, SharePoint Server,\nGroove Server, Windows SharePoint Services, SharePoint Foundation, or\nOffice Web Apps installed on the remote host are affected by multiple\nprivilege escalation and information disclosure vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n way that HTML strings are sanitized. An attacker who\n successfully exploited this vulnerability could perform\n cross-site scripting attacks and run script in the\n security context of the logged-on user. (CVE-2012-1858)\n\n - A cross-site scripting and a privilege escalation\n vulnerability allow attacker-controlled JavaScript to\n run in the context of the user clicking a link. An\n anonymous attacker could also potentially issue\n SharePoint commands in the context of an authenticated\n user on the site. (CVE-2012-1859)\n\n - An information disclosure vulnerability exists in the\n way that SharePoint stores search scopes. An attacker\n could view or tamper with other users' search scopes.\n (CVE-2012-1860)\n\n - A cross-site scripting vulnerability exists that allows\n attacker-controlled JavaScript to run in the context of\n the user clicking a link. An anonymous attacker could\n also potentially issue SharePoint commands in the\n context of an authenticated user. (CVE-2012-1861)\n\n - A URL redirection vulnerability exists in SharePoint.\n The vulnerability could lead to spoofing and information\n disclosure and could allow an attacker to redirect a\n user to an external URL. (CVE-2012-1862)\n\n - A cross-site scripting vulnerability exists that allows\n attacker-controlled JavaScript to run in the context of\n the user clicking a link. An anonymous attacker could\n also potentially issue SharePoint commands in the\n context of an authenticated user. (CVE-2012-1863).\");\n # http://blog.watchfire.com/wfblog/2012/07/tostatichtml-the-second-encounter-cve-2012-1858-html-sanitizing-information-disclosure-introduction-t.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7d49512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-050\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for InfoPath 2007, InfoPath\n2010, Office SharePoint Server 2007, SharePoint Server 2010, Groove\nServer 2010, Windows SharePoint Services 2.0 and 3.0, SharePoint\nFoundation 2010, and Office Web Apps 2010.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-1862\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:groove\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:infopath\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office_web_apps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:sharepoint_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:sharepoint_services\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:sharepoint_foundation\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"office_installed.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nglobal_var bulletin, vuln;\n\nfunction get_ver()\n{\n local_var fh, path, rc, share, ver;\n\n path = _FCT_ANON_ARGS[0];\n\n share = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:path);\n\n rc = NetUseAdd(share:share);\n if (rc != 1)\n {\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, share);\n }\n\n ver = NULL;\n path = ereg_replace(string:path, pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\\");\n\n fh = CreateFile(\n file : path,\n desired_access : GENERIC_READ,\n file_attributes : FILE_ATTRIBUTE_NORMAL,\n share_mode : FILE_SHARE_READ,\n create_disposition : OPEN_EXISTING\n );\n if (!isnull(fh))\n {\n ver = GetFileVersion(handle:fh);\n ver = join(ver, sep:\".\");\n CloseFile(handle:fh);\n }\n\n NetUseDel(close:FALSE);\n\n return ver;\n}\n\nfunction check_vuln(fix, kb, name, path, ver)\n{\n local_var info;\n\n if (isnull(ver))\n ver = get_ver(path);\n\n if (isnull(ver) || ver_compare(ver:ver, fix:fix, strict:FALSE) >= 0)\n return 0;\n\n info =\n '\\n Product : ' + name +\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n hotfix_add_report(info, bulletin:bulletin, kb:kb);\n\n vuln = TRUE;\n}\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS12-050\";\nkbs = make_list(\n 2596666, 2596786, 2553431, 2553322,\n 2596663, 2596942, 2553424, 2553194,\n 2589325, 2596911, 2553365, 2598239, 2760604\n);\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\n# Connect to the registry.\nregistry_init();\nhklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n\n# Get path information for SharePoint Server 2007.\nsps_2007_path = get_registry_value(\n handle : hklm,\n item : \"SOFTWARE\\Microsoft\\Office Server\\12.0\\InstallPath\"\n);\n\n# Get path information for SharePoint Server 2010.\nsps_2010_path = get_registry_value(\n handle : hklm,\n item : \"SOFTWARE\\Microsoft\\Office Server\\14.0\\InstallPath\"\n);\n\n# Get path information for SharePoint Services 2.0\nsps_20_path = get_registry_value(\n handle : hklm,\n item : \"SOFTWARE\\Microsoft\\Shared Tools\\Web Server Extensions\\6.0\\Location\"\n);\n\n# Get path information for SharePoint Services 3.0 or SharePoint Foundation 2010.\nforeach ver (make_list(\"12.0\", \"14.0\"))\n{\n spf_2010_path = get_registry_value(\n handle : hklm,\n item : \"SOFTWARE\\Microsoft\\Shared Tools\\Web Server Extensions\\\" + ver + \"\\Location\"\n );\n\n if (spf_2010_path)\n break;\n}\n\n# Get path information for Groove Server 2010.\ngs_2010_path = get_registry_value(\n handle : hklm,\n item : \"SOFTWARE\\Microsoft\\Office Server\\14.0\\Groove\\Groove Relay\\Parameters\\InstallDir\"\n);\n\n# Close connection to registry.\nRegCloseKey(handle:hklm);\nclose_registry(close:FALSE);\n\n# Get path and version information for InfoPath.\nip_installs = get_kb_list(\"SMB/Office/InfoPath/*/ProductPath\");\n\n# Get path information for Windows.\nwindir = hotfix_get_systemroot();\nif (isnull(windir))\n exit(1, \"Failed to determine the location of %windir%.\");\n\n# Get path information for Common Files.\ncommonprogramfiles = hotfix_get_commonfilesdir();\nif (isnull(commonprogramfiles))\n exit(1, \"Failed to determine the location of %commonprogramfiles%.\");\n\n# Get path information for Office Web Apps.\nowa_2010_path = sps_2010_path;\n\nif (!isnull(ip_installs))\n{\n foreach install (keys(ip_installs))\n {\n ip_ver = install - 'SMB/Office/InfoPath/' - '/ProductPath';\n ip_path = ip_installs[install];\n if (ip_path) ip_path = ereg_replace(string:ip_path, pattern:\"(.*)(\\\\[^\\\\]+)$\", replace:\"\\1\");\n\n ######################################################################\n # InfoPath 2007 SP2 / SP3\n #\n # [KB2596666] Infopath.Exe: 12.0.6661.5000\n # [KB2596786] Ipeditor.dll: 12.0.6661.5000\n ######################################################################\n office_sp2007 = get_kb_item(\"SMB/Office/2007/SP\");\n office_sp2010 = get_kb_item(\"SMB/Office/2010/SP\");\n if (ip_ver =~ '^12\\\\.' && (!isnull(office_sp2007) && (office_sp2007 == 2 || office_sp2007 == 3)))\n {\n name = \"InfoPath 2007\";\n\n check_vuln(\n name : name,\n kb : \"2596666\",\n path : ip_path + \"\\Infopath.Exe\",\n fix : \"12.0.6661.5000\"\n );\n\n check_vuln(\n name : name,\n kb : \"2596786\",\n path : ip_path + \"\\Ipeditor.dll\",\n fix : \"12.0.6661.5000\"\n );\n }\n ######################################################################\n # InfoPath 2010 SP0 / SP1\n #\n # [KB2553431] Infopath.Exe: 14.0.6120.5000\n # [KB2553322] Ipeditor.dll: 14.0.6120.5000\n ######################################################################\n else if (ip_ver =~ '^14\\\\.' && (!isnull(office_sp2010) && (office_sp2010 == 0 || office_sp2010 == 1)))\n {\n name = \"InfoPath 2010\";\n\n check_vuln(\n name : name,\n kb : \"2553431\",\n path : ip_path + \"\\Infopath.Exe\",\n fix : \"14.0.6120.5000\"\n );\n\n check_vuln(\n name : name,\n kb : \"2553322\",\n path : ip_path + \"\\Ipeditor.dll\",\n fix : \"14.0.6120.5000\"\n );\n }\n }\n}\n\n######################################################################\n# Office SharePoint Server 2007 SP2 / SP3\n#\n# [KB2596663] Microsoft.SharePoint.Publishing.dll: 12.0.6660.5000\n# [KB2596942] Microsoft.office.excel.webui.dll: 12.0.6661.5000\n######################################################################\nif (sps_2007_path)\n{\n name = \"Office SharePoint Server 2007\";\n\n check_vuln(\n name : name,\n kb : \"2596663\",\n path : sps_2007_path + \"Bin\\Microsoft.SharePoint.Publishing.dll\",\n fix : \"12.0.6660.5000\"\n );\n\n share = ereg_replace(string:windir, pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\");\n rc = NetUseAdd(share:share);\n if (rc != 1)\n {\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, share);\n }\n\n dir = ereg_replace(string:windir, pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\");\n subdir = \"\\assembly\\GAC_MSIL\\Microsoft.Office.Excel.WebUI\\\";\n file = \"\\Microsoft.Office.Excel.WebUI.dll\";\n\n # Check for the DLL in each subdirectory.\n for (\n dh = FindFirstFile(pattern:dir + subdir + \"*\");\n !isnull(dh);\n dh = FindNextFile(handle:dh)\n )\n {\n # Skip non-directories.\n if (dh[2] & FILE_ATTRIBUTE_DIRECTORY == 0)\n continue;\n\n # Skip current and parent directories.\n if (dh[1] == \".\" || dh[1] == \"..\")\n continue;\n\n # Skip anything that doesn't look like the 2007 branch.\n if (dh[1] !~ \"^12\\.\")\n continue;\n\n # Get the version number from the file, if it exists.\n path = dir + subdir + dh[1] + file;\n fh = CreateFile(\n file : path,\n desired_access : GENERIC_READ,\n file_attributes : FILE_ATTRIBUTE_NORMAL,\n share_mode : FILE_SHARE_READ,\n create_disposition : OPEN_EXISTING\n );\n if (isnull(fh))\n continue;\n\n ver = GetFileVersion(handle:fh);\n CloseFile(handle:fh);\n\n check_vuln(\n name : name,\n kb : \"2596942\",\n path : windir + subdir + dh[1] + file,\n ver : join(ver, sep:\".\"),\n fix : \"12.0.6661.5000\"\n );\n }\n\n # Clean up.\n NetUseDel(close:FALSE);\n}\n\n######################################################################\n# SharePoint Server 2010 SP0 / SP1\n#\n# [KB2553424] Microsoft.resourcemanagement.dll: 4.0.2450.47\n# [KB2553194] Ssetupui.dll: 14.0.6120.5000\n######################################################################\nif (sps_2010_path)\n{\n name = \"Office SharePoint Server 2010\";\n\n check_vuln(\n name : name,\n kb : \"2553424\",\n path : sps_2010_path + \"Service\\Microsoft.resourcemanagement.dll\",\n fix : \"4.0.2450.47\"\n );\n\n check_vuln(\n name : name,\n kb : \"2553194\",\n path : commonprogramfiles + \"\\Microsoft Shared\\SERVER14\\Server Setup Controller\\WSS.en-us\\Ssetupui.dll\",\n fix : \"14.0.6120.5000\"\n );\n}\n\n######################################################################\n# Groove Server 2010 SP0 / SP1\n#\n# [KB2589325] Relay.exe: 14.0.6120.5000\n######################################################################\nif (gs_2010_path)\n{\n check_vuln(\n name : \"Groove Server 2010\",\n kb : \"2589325\",\n path : gs_2010_path + \"\\Relay.exe\",\n fix : \"14.0.6120.5000\"\n );\n}\n\n######################################################################\n# SharePoint Services 2.0\n#\n# [KB2760604] Onetutil.dll: 11.0.8346.0\n######################################################################\nif (sps_20_path)\n{\n path = sps_20_path + \"Bin\\Onetutil.dll\";\n ver = get_ver(path);\n\n check_vuln(\n name : \"SharePoint Services 2.0\",\n kb : \"2760604\",\n path : path,\n fix : \"11.0.8346.0\"\n );\n}\n\n######################################################################\n# SharePoint Services 3.0 SP2\n#\n# [KB2596911] Mssrch.dll: 12.0.6660.5000\n#\n#\n# SharePoint Foundation 2010 SP0 / SP1\n#\n# [KB2553365] Mssrch.dll: 14.0.6119.5000\n######################################################################\nif (spf_2010_path)\n{\n path = spf_2010_path + \"Bin\\Mssrch.dll\";\n ver = get_ver(path);\n\n if (ver && ver =~ \"^12\\.\")\n {\n check_vuln(\n name : \"SharePoint Services 3.0\",\n kb : \"2596911\",\n path : path,\n ver : ver,\n fix : \"12.0.6660.5000\"\n );\n }\n else if (ver && ver =~ \"^14\\.\")\n {\n check_vuln(\n name : \"SharePoint Foundation 2010\",\n kb : \"2553365\",\n path : path,\n ver : ver,\n fix : \"14.0.6119.5000\"\n );\n }\n}\n\n######################################################################\n# Office Web Apps 2010 SP0 / SP1\n#\n# [KB2598239] msoserver.dll: 14.0.6120.5000\n######################################################################\nif (owa_2010_path)\n{\n check_vuln(\n name : \"Office Web Apps 2010\",\n kb : \"2598239\",\n path : owa_2010_path + \"WebServices\\ConversionService\\Bin\\Converter\\msoserver.dll\",\n fix : \"14.0.6120.5000\"\n );\n}\n\nhotfix_check_fversion_end();\n\nif (!vuln)\n audit(AUDIT_HOST_NOT, 'affected');\n# Flag the system as vulnerable.\nset_kb_item(name:\"SMB/Missing/\" + bulletin, value:TRUE);\nset_kb_item(name:\"www/0/XSS\", value:TRUE);\nhotfix_security_warning();\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
CVE-2012-1860
