Microsoft SharePoint 跨站脚本漏洞(CVE-2012-1863)

2012-07-11T00:00:00

Description

Bugtraq ID:54316 CVE ID:CVE-2012-1863 Microsoft SharePoint Server是一款服务器功能集成套件，提供全面的内容管理和企业搜索、加速共享业务流程并便利跨界限信息共享。 Microsoft SharePoint Server存在一个跨站脚本漏洞，允许攻击者通过URL中特制的JavaScript元素，注入任意WEB脚本或HTML，攻击者可以利用漏洞获得敏感信息或劫持用户会话。 0 Microsoft SharePoint Foundation 2010 SP1 Microsoft SharePoint Foundation 2010 Microsoft InfoPath 2010 Microsoft InfoPath 2007 SP2 Microsoft InfoPath 2007 厂商解决方案用户可参考如下供应商提供的安全公告获得补丁信息： http://technet.microsoft.com/security/bulletin/MS12-050

{"cve": [{"lastseen": "2023-02-09T14:03:38", "description": "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka \"SharePoint Reflected List Parameter Vulnerability.\"", "cvss3": {}, "published": "2012-07-10T21:55:00", "type": "cve", "title": "CVE-2012-1863", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1863"], "modified": "2018-10-12T22:02:00", "cpe": ["cpe:/a:microsoft:sharepoint_services:3.0", "cpe:/a:microsoft:sharepoint_server:2007", "cpe:/a:microsoft:office_sharepoint_server:2007", "cpe:/a:microsoft:sharepoint_foundation:2010"], "id": "CVE-2012-1863", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1863", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x32:*:*:*:*:*", "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:*:*:*:*:*", "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp3:x32:*:*:*:*:*", "cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:*:*:*:*:*", "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp3:x64:*:*:*:*:*", "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x64:*:*:*:*:*", "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*"]}], "symantec": [{"lastseen": "2021-06-08T19:04:09", "description": "### Description\n\nMicrosoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to perform unauthorized actions such as reading, modifying, or deleting content on behalf of the victim on the SharePoint site.\n\n### Technologies Affected\n\n * Microsoft InfoPath 2007 \n * Microsoft InfoPath 2007 SP2 \n * Microsoft InfoPath 2007 SP3 \n * Microsoft InfoPath 2010 (32-bit editions) \n * Microsoft InfoPath 2010 (64-bit editions) \n * Microsoft InfoPath 2010 \n * Microsoft InfoPath 2010 SP1 (32-bit editions) \n * Microsoft InfoPath 2010 SP1 (64-bit editions) \n * Microsoft Office SharePoint Server 2007 SP2 (64-bit) \n * Microsoft Office SharePoint Server 2007 SP2 \n * Microsoft Office SharePoint Server 2007 SP3 (64-bit) \n * Microsoft Office SharePoint Server 2007 SP3 \n * Microsoft SharePoint Foundation 2010 \n * Microsoft SharePoint Foundation 2010 SP1 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nAttackers may successfully exploit client flaws in the browser through cross-site scripting vulnerabilities. When possible, run client software as regular user accounts with limited access to system resources. This may limit the immediate consequences of client-side vulnerabilities. \n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to detect and block attacks and anomalous activity such as requests containing suspicious URI sequences. Since the webserver may log such requests, review its logs regularly.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to websites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users. \n\n**Set web browser security to disable the execution of script code or active content.** \nSince exploiting cross-site scripting issues often requires malicious script code to run in browsers, consider disabling script code and active content support within a client browser as a way to prevent a successful exploit. Note that this mitigation tactic might adversely affect legitimate sites that rely on the execution of browser-based script code. \n\nVendor updates are available. Please see the references for more information.\n", "cvss3": {}, "published": "2012-07-10T00:00:00", "type": "symantec", "title": "Microsoft SharePoint CVE-2012-1863 Cross Site Scripting Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-1863"], "modified": "2012-07-10T00:00:00", "id": "SMNTC-54316", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/54316", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "checkpoint_advisories": [{"lastseen": "2022-11-28T07:01:52", "description": "A cross-site scripting vulnerability has been discovered in Microsoft SharePoint. The vulnerability is due to insufficient sanitization of the List parameter. A remote attacker could trigger this flaw by enticing a user to follow a URL containing script code in the List parameter.", "cvss3": {}, "published": "2013-03-12T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft SharePoint Reflected List Parameter Cross-site Scripting (SA49875; CVE-2012-1863)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-1863"], "modified": "2022-11-27T00:00:00", "id": "CPAI-2013-1601", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-28T07:12:12", "description": "An information disclosure and elevation of privilege vulnerability has been reported in Microsoft SharePoint.", "cvss3": {}, "published": "2012-07-10T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft SharePoint Reflected List Parameter XSS (MS12-050; CVE-2012-1863)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-1863"], "modified": "2022-11-27T00:00:00", "id": "CPAI-2012-302", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}], "threatpost": [{"lastseen": "2018-10-06T23:03:10", "description": "A serious remote-code execution vulnerability in PHP was accidentally disclosed Wednesday, leading to fears of an outbreak of attacks on sites that were built using vulnerable versions of PHP. The bug has been known privately since January when a team of researchers used it in a capture the flag contest and then subsequently reported it to the PHP Group. The developers were still in the process of building the patch for the flaw when it was disclosed Wednesday.\n\nThe vulnerability is a simple one but it has serious consequences. Essentially, the researchers found that when they passed a specific query string that contained the -s command to PHP in a CGI setup, PHP would interpret the -s as the command line argument and result in the disclosure of the source code for the application. They extended their testing and found they could pass whatever command-line arguments they wanted ot the PHP binary.\n\n\u201cWhen PHP is used in a CGI-based setup (such as Apache\u2019s`mod_cgid`), the `php-cgi` receives a processed query string parameter as command line arguments which allows command-line switches, such as `-s, -d or -c` to be passed to the `php-cgi` binary, which can be exploited to disclose source code and obtain arbitrary code execution,\u201d the [US-CERT](<http://www.kb.cert.org/vuls/id/520827>) said in an advisory published Wednesday. \u201cA remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server.\u201d\n\nThe team that found the bug, known as Eindbazen, said that they had been waiting for several months for the PHP Group to release a patch for the vulnerability in order to publish information about the bug. However, someone accidentally marked an internal PHP bug as public and it eventually was posted to Reddit. So Eindbazen then published the details of their findings and how it can be exploited. \n\n\u201cWe\u2019ve tested this and have confirmed that the query parameters are passed to the php5-cgi binary in this configuration. Since the wrapper script merely passes all the arguments on to the actual php-cgi binary, the same problem exists with configurations where php-cgi is directly copied into the cgi-bin directory. It\u2019s interesting to note that while slashes get added to any shell metacharacters we pass in the query string, spaces and dashes (\u2018-\u2019) are not escaped. So we can pass as many options to PHP as we want!\u201d they wrote in their analysis of the [PHP CVE-2012-1823 vulnerability](<http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/>). \n\n\u201cThere is one slight complication: php5-cgi behaves differently depending on which environment variables have been set, disabling the flag -r for direct code execution among others. However, this can be trivially bypassed. We\u2019re removing the remote code execution PoC out of an abundance of caution, but at this point anyone should be able to figure this out. And for the record: safe_mode, allow_url_include and other security-related ini settings will not save you.\u201d\n\nPHP is one of the more popular scripting languages used in Web development. Since the time that the Eindbazen team reported the bug to the PHP Group, there have been several new versions of the language released, with various other security fixes, but without a patch for the CVE-2012-1863 bug. Right now, there is no patch available for the flaw discovered by the Eindbazen team, however they list a couple of technical workarounds in their post and have produced a file that includes both of them that users can [download](<http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/>). \n", "cvss3": {}, "published": "2012-05-03T14:09:27", "type": "threatpost", "title": "Serious Remote PHP Bug Accidentally Disclosed", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-1823", "CVE-2012-1863"], "modified": "2013-04-17T16:32:19", "id": "THREATPOST:219EFB4DE8A56286E444E303B599B79C", "href": "https://threatpost.com/serious-remote-php-bug-accidentally-disclosed-050312/76517/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-06T23:03:08", "description": "**UPDATE**\u2013The developers of PHP have released new versions of the scripting language to fix a [remotely exploitable vulnerability](<https://threatpost.com/php-group-releases-new-versions-patch-doesnt-fix-cve-2012-1823-bug-050412/>) announced earlier this week that enables an attacker to pass command-line arguments to the PHP binary. The flaw has been in the code for more than eight years and The PHP Group was working on a patch for it when the bug was disclosed accidentally on Reddit. However, the team that found the bug says the new versions of PHP don\u2019t actually fix the vulnerability. \n\nThe new versions of PHP are available now and the developers recommend that users upgrade as soon as possible. PHP versions 5.3.12 and 5.4.2 both contain the fix for the vulnerability. \n\n\u201cWe\u2019ve tested this and have confirmed that the query parameters are passed to the php5-cgi binary in this configuration. Since the wrapper script merely passes all the arguments on to the actual php-cgi binary, the same problem exists with configurations where php-cgi is directly copied into the cgi-bin directory. It\u2019s interesting to note that while slashes get added to any shell metacharacters we pass in the query string, spaces and dashes (\u2018-\u2019) are not escaped. So we can pass as many options to PHP as we want!\u201d the team that discovered the flaw, known as [Eindbazen](<http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/>), wrote in their analysis of the bug. \n\nEindbazen said in an updated post that the PHP patch isn\u2019t sufficient to fix the bug.\n\n\u201cThe new PHP release is buggy. You can use their mitigation mod_rewrite rule, but the patch and new released versions do not fix the problem. At the bottom we have added a version of the PHP patch that fixes the obvious problem with the patch merged in the recently released security update,\u201d the team said. \n\nThe PHP Group is working on a new fix for the vulnerability now.\n\n\u201cWe have received word that new PHP updates with the revised fix will be released soon. The issue that this problem was not properly fixed by the original security update is being tracked as CVE-2012-2311,\u201d Eindbazen said.\n\nThe PHP Group also had some other problems this week, specifically a problem in its internal bug-handling system that resulted in the private discussion on the CVE-2012-1823 vulnerability being marked as public. That led to the bug being posted to Reddit. The Eindbazen team then posted the details of the bug, which they had discovered in January during a capture the flag contest.\n\n\u201cThere is a vulnerability in certain CGI-based setups **(Apache+mod_php and nginx+php-fpm are not affected)** that has gone unnoticed for at least 8 years. [Section 7 of the CGI spec](<http://tools.ietf.org/html/draft-robinson-www-interface-00#section-7>) states:\n\nSome systems support a method for supplying a [sic] array of strings to the CGI script. This is only used in the case of an `indexed\u2019 query. This is identified by a \u201cGET\u201d or \u201cHEAD\u201d HTTP request with a URL search string not containing any unencoded \u201c=\u201d characters.\n\nSo, requests that do not have a \u201c=\u201d in the query string are treated differently from those who do in some CGI implementations. For PHP this means that a request containing ?-s may dump the PHP source code for the page, but a request that has ?-s&=1 is fine.\n\nA large number of sites run PHP as either an Apache module through mod_php or using php-fpm under nginx. Neither of these setups are vulnerable to this. Straight shebang-style CGI also does not appear to be vulnerable,\u201d the [PHP Group](<http://www.php.net/archive/2012.php#id2012-05-03-1>) said in its release notes for the new versions. \u201cIf you are using Apache mod_cgi to run PHP you may be vulnerable. To see if you are, just add ?-s to the end of any of your URLs. If you see your source code, you are vulnerable. If your site renders normally, you are not.\n\nThe PHP developers said that while the new versions of the language should work for most users, it may not be feasible for some users to update much older versions of PHP. In that case, users can deploy a workaround.\n\n\u201cAn alternative is to configure your web server to not let these types of requests with query strings starting with a \u201c-\u201d and not containing a \u201c=\u201d through. Adding a rule like this should not break any sites,\u201d they said.\n", "cvss3": {}, "published": "2012-05-04T14:26:46", "type": "threatpost", "title": "PHP Group Releases New Versions, But Patch Doesn't Fix CVE-2012-1823 Bug", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-1823", "CVE-2012-1863", "CVE-2012-2311"], "modified": "2013-04-17T16:32:18", "id": "THREATPOST:9FD19F2ACF1E3C44BAE775A250F1E132", "href": "https://threatpost.com/php-group-releases-new-versions-patch-doesnt-fix-cve-2012-1823-bug-050412/76524/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-06T23:03:06", "description": "For the second time in less than a week, the developers of PHP have released new versions of the language that include a fix for the remotely exploitable vulnerability that was disclosed last week. The group is encouraging users to upgrade to PHP 5.4.3 or 5.3.13 immediately. \n\nThe [vulnerability affects PHP](<https://threatpost.com/another-set-php-releases-pushed-out-fix-cve-2012-1823-flaw-050912/>) sites in CGI-based setups and can enable an attacker to get access to the site\u2019s source code by passing certain queries to the PHP binary as command-line arguments. The bug was disclosed last week before a patch was available through a mistake in the PHP Group\u2019s internal bug-handling system.\n\n\u201cThe PHP development team would like to announce the immediate availability of PHP 5.4.3 and PHP 5.3.13. All users are encouraged to upgrade to PHP 5.4.3 or PHP 5.3.13\n\nThe releases complete a fix for a [vulnerability](<http://www.php.net/archive/2012.php#id2012-05-03-1>) in CGI-based setups (CVE-2012-2311). _Note: mod_php and php-fpm are not vulnerable to this attack,\u201d _the PHP developers said.\n\n\u201cPHP 5.4.3 fixes a buffer overflow vulnerability in the [apache_request_headers()](<http://php.net/manual/function.apache-request-headers.php>) (CVE-2012-2329). The PHP 5.3 series is not vulnerable to this issue.\u201d\n\nThe PHP Group [released a fix for the bug](<https://threatpost.com/php-group-set-release-another-patch-cve-2012-1823-flaw-050812/>) late last week, but the researchers who discovered the flaw originally found that the new versions didn\u2019t completely address the problem and still left vulnerable sites exposed to attack. There are mitigations available for the bug, as explained by the [Eindbazen](<http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/>) team that found the flaw, but users should upgrade their installations as soon as they can.\n", "cvss3": {}, "published": "2012-05-09T14:32:23", "type": "threatpost", "title": "Another Set of PHP Releases Pushed Out to Fix CVE-2012-1823 Flaw", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-1823", "CVE-2012-1863", "CVE-2012-2311", "CVE-2012-2329"], "modified": "2013-04-17T16:32:16", "id": "THREATPOST:3EEA9D9B7CBDC9687FD961AD1AF59EF5", "href": "https://threatpost.com/another-set-php-releases-pushed-out-fix-cve-2012-1823-flaw-050912/76544/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:47", "description": "Crossite scripting, URL redirection.", "cvss3": {}, "published": "2012-07-11T00:00:00", "type": "securityvulns", "title": "Microsoft Sharepoint multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2012-1862", "CVE-2012-1858", "CVE-2012-1863", "CVE-2012-1861", "CVE-2012-1860", "CVE-2012-1859"], "modified": "2012-07-11T00:00:00", "id": "SECURITYVULNS:VULN:12466", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12466", "sourceData": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "mskb": [{"lastseen": "2021-01-01T22:39:07", "description": "<html><body><p>Describes vulnerabilities in SharePoint could allow elevation of privilege, and was released on July 10, 2012.</p><h2>INTRODUCTION</h2><div class=\"kb-summary-section section\">Microsoft has released security bulletin MS12-050. To view the complete security bulletin, go to one of the following Microsoft websites:\u00a0<ul class=\"sbody-free_list\"><li>Home users:<div class=\"indent\"><a href=\"http://www.microsoft.com/security/pc-security/bulletins/201207.aspx\" id=\"kb-link-1\" target=\"_self\">http://www.microsoft.com/security/pc-security/bulletins/201207.aspx</a></div><span class=\"text-base\">Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br/><div class=\"indent\"><a href=\"http://update.microsoft.com/microsoftupdate/\" id=\"kb-link-2\" target=\"_self\">http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<div class=\"indent\"><a href=\"http://technet.microsoft.com/security/bulletin/ms12-050\" id=\"kb-link-3\" target=\"_self\">http://technet.microsoft.com/security/bulletin/MS12-050</a></div></li></ul><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3> Help installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-4\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <br/><a href=\"http://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-5\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your computer that is running Windows from viruses and malware:<br/><a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-6\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <br/><a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-7\" target=\"_self\">International Support</a><br/><br/></div><h2></h2><div class=\"kb-moreinformation-section section\"><h4 class=\"sbody-h4\">Known issues and additional information about this security update</h4> <br/> <br/><br/> The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.<ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/2553194\" id=\"kb-link-8\">2553194 </a> MS12-050: Description of the security update for SharePoint Server 2010 (coreserverloc): July 10, 2012<br/><br/>Known issues in security update 2553194: <br/><ul class=\"sbody-free_list\"><li>After you install this security update on all SharePoint servers, you have to run the PSconfig tool to complete the installation. For more information about how to use the PSconfig tool, go to the following TechNet webpage:<div class=\"indent\"><a href=\"http://technet.microsoft.com/en-us/library/cc263093.aspx\" id=\"kb-link-9\" target=\"_self\">PSconfig command-line reference (SharePoint Server 2010)</a></div></li></ul></li><li><a href=\"https://support.microsoft.com/en-us/help/2553322\" id=\"kb-link-10\">2553322 </a> MS12-050: Description of the security update for InfoPath 2010: July 10, 2012 </li><li><a href=\"https://support.microsoft.com/en-us/help/2553365\" id=\"kb-link-11\">2553365 </a> MS12-050: Description of the security update for SharePoint Foundation 2010: July 10, 2012<br/><br/>Known issues in security update 2553365: <ul class=\"sbody-free_list\"><li>After you install this security update on all SharePoint servers, you have to run the PSconfig tool to complete the installation. For more information about how to use the PSconfig tool, go to the following TechNet webpage:\u00a0<div class=\"indent\"><a href=\"http://technet.microsoft.com/en-us/library/cc263093.aspx\" id=\"kb-link-12\" target=\"_self\">PSconfig command-line reference (SharePoint Server 2010)</a></div></li></ul></li><li><a href=\"https://support.microsoft.com/en-us/help/2553424\" id=\"kb-link-13\">2553424 </a> MS12-050: Description of the security update for SharePoint Server 2010 (wosrv): July 10, 2012<br/><br/>Known issues in security update 2553424: <ul class=\"sbody-free_list\"><li>After you install this security update on all SharePoint servers, you have to run the PSconfig tool to complete the installation. For more information about how to use the PSconfig tool, go to the following TechNet webpage:\u00a0<div class=\"indent\"><a href=\"http://technet.microsoft.com/en-us/library/cc263093.aspx\" id=\"kb-link-14\" target=\"_self\">PSconfig command-line reference (SharePoint Server 2010)</a></div></li></ul></li><li><a href=\"https://support.microsoft.com/en-us/help/2553431\" id=\"kb-link-15\">2553431 </a> MS12-050: Description of the security update for InfoPath 2010: July 10, 2012<br/><br/>Known issues in security update 2553431: <ul class=\"sbody-free_list\"><li>Windows Update will offer this security update to all systems that are running InfoPath 2010. However, the security update is required only for systems that are running Visual Studio Tool for Applications (VSTA). This security update can be installed on any system that is running InfoPath 2010. However, binaries are updated only on systems that are running VSTA.<br/><br/><span class=\"text-base\">Note </span>If you install this security update on a system that is running InfoPath 2010 without VSTA and then you install VSTA, you do not have to reinstall this security update.</li></ul></li><li><a href=\"https://support.microsoft.com/en-us/help/2589325\" id=\"kb-link-16\">2589325 </a> MS12-050: Description of the security update for Groove Server 2010: July 10, 2012<br/><br/>Known issues in security update 2589325: <ul class=\"sbody-free_list\"><li>If you install any previously released Groove server update before you install this security update, then you may see multiple entries for this security update may appear in <strong class=\"uiterm\">Add or Remove Programs</strong>.</li><li>The Groove security update does not appear in <span class=\"sbody-userinput\">Add or Remove Programs</span>. To determine whether the update is installed, the system administrator can open the SharePoint Configuration Manager console.</li></ul></li><li><a href=\"https://support.microsoft.com/en-us/help/2596663\" id=\"kb-link-17\">2596663 </a> MS12-050: Description of the security update for SharePoint Server 2007 Service Pack 2 (coreserver): July 10, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2596666\" id=\"kb-link-18\">2596666 </a> MS12-050: Description of the security update for InfoPath 2007: July 10, 2012<br/><br/>Known issues in security update 2596666: <ul class=\"sbody-free_list\"><li>Windows Update will offer this security update to all systems that are running InfoPath 2010. However, the security update is required only for systems that are running Visual Studio Tool for Applications (VSTA). This security update can be installed on any system that is running InfoPath 2010. However, binaries are updated only on systems that are running VSTA.<br/><br/><span class=\"text-base\">Note </span>If you install this security update on a system that is running InfoPath 2010 without VSTA and then you install VSTA, you do not have to reinstall this security update.</li></ul></li><li><a href=\"https://support.microsoft.com/en-us/help/2596786\" id=\"kb-link-19\">2596786 </a> MS12-050: Description of the security update for InfoPath 2007 (IPEditor): July 10, 2012<br/><br/>Known issues in security update 2596786: <ul class=\"sbody-free_list\"><li>Windows Update will offer this security update to all systems that are running InfoPath 2010. However, the security update is required only for systems that are running Visual Studio Tool for Applications (VSTA). This security update can be installed on any system that is running InfoPath 2010. However, binaries are updated only on systems that are running VSTA.<br/><br/><span class=\"text-base\">Note </span>If you install this security update on a system that is running InfoPath 2010 without VSTA and then you install VSTA, you do not have to reinstall this security update.</li></ul></li><li><a href=\"https://support.microsoft.com/en-us/help/2596911\" id=\"kb-link-20\">2596911 </a> MS12-050: Description of the security update for Windows SharePoint Services 3.0: July 10, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2596942\" id=\"kb-link-21\">2596942 </a> MS12-050: Description of the security update for Office SharePoint Server 2007 Service Pack 2 (xlsrvwfe): July 10, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2598239\" id=\"kb-link-22\">2598239 </a> MS12-050: Description of the security update for SharePoint Server 2010: July 10, 2012<br/><br/>Known issues in security update 2598239: <ul class=\"sbody-free_list\"><li>After you install this security update on all SharePoint servers, you have to run the PSconfig tool to complete the installation. For more information about how to use the PSconfig tool, go to the following TechNet webpage:\u00a0<div class=\"indent\"><a href=\"http://technet.microsoft.com/en-us/library/cc263093.aspx\" id=\"kb-link-23\" target=\"_self\">PSconfig command-line reference (SharePoint Server 2010)</a></div></li></ul></li><li><a href=\"https://support.microsoft.com/en-us/help/2760604\" id=\"kb-link-24\">2760604 </a> MS12-050: Description of the security update for Microsoft Windows SharePoint Services 2.0 SP3: December 11, 2012</li></ul><span></span><br/><h4 class=\"sbody-h4\">File hash information</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">SHA1 hash</th><th class=\"sbody-th\">SHA256 hash</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-ara.exe</td><td class=\"sbody-td\">944FFC7C1BCC35C796EE1CAEC3D977EA23BE3591</td><td class=\"sbody-td\">5736A05A0858EB07A8239C60593A4D6BD230BA54A3E16274A0773D93EE930570</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-bgr.exe</td><td class=\"sbody-td\">1EF35C81A8B2DF79AD99682D0984731216264B4B</td><td class=\"sbody-td\">45539094870B351DE90768D3E3156E0A825C7F371B415E75E64D405314030139</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-chs.exe</td><td class=\"sbody-td\">F11BB8837A560E4A0BC424D95BEC68E9D74AE377</td><td class=\"sbody-td\">F869A0A164A91A014D2AB1A7492F25363FD6CBFB83F8E4D44E3FFAC96C496D31</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-cht.exe</td><td class=\"sbody-td\">970CF05CCF910C9FF0431DCFC85F085F977AF542</td><td class=\"sbody-td\">22F3DC70AB127BB881DC166CDD771291EE833C7DA207482FEF84D11E0F3A8156</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-csy.exe</td><td class=\"sbody-td\">F49D9534D20C6E8F23C53FB8D226446C8D9EC441</td><td class=\"sbody-td\">18CB0ABCB54DC278D8C314B778999A5AED34948922C3DC9B0E512E0D0F9EEE77</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-dan.exe</td><td class=\"sbody-td\">19FA51E5995EA5EA3EAE16C540BF82550CE107E3</td><td class=\"sbody-td\">0D61FF387EE6507D2840F149A5063DD2C597E21DFF70F8F7AA960B65D36CBB5D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-deu.exe</td><td class=\"sbody-td\">4D81FFAC740D198A7B66DA296EF9427F9B11CFA2</td><td class=\"sbody-td\">C17A570B8E850D10000BBC4BBA14D6B78C03F267AA6FB169D0E4DF3B5656161F</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-ell.exe</td><td class=\"sbody-td\">03973E73A4AB0E7F0B72D478B61538764AE5E547</td><td class=\"sbody-td\">485CD52BB0B9930C63530F38B7917E6774F548D26766CA40ECAF61377B5945A9</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-enu.exe</td><td class=\"sbody-td\">8CDCE452A26ECC14A0BBBFA80B43CE48F224A6CA</td><td class=\"sbody-td\">2C21C95770D60BA08EBDA7965BC38625E20684BAB4E43E37C70673E133BF9F4F</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-esn.exe</td><td class=\"sbody-td\">FA1B8FE9E815E75E3BD2F24C0C9E559A9E20B4C0</td><td class=\"sbody-td\">0C71F483FE72EAD5BE870EA1A8E9DC60C369FC5FC33733D0D02C629C3E7FF731</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-eti.exe</td><td class=\"sbody-td\">044DA3C7C9A238869D124D697DBEC06B4EA257C3</td><td class=\"sbody-td\">D6755EB7FD5E195A9CD2ADA1E5CA937A2B365AC6DB91AA4342AF4D2818E35D69</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-fin.exe</td><td class=\"sbody-td\">1867C849389450286FEE99C95CD881DA9CFFB708</td><td class=\"sbody-td\">8866AD99D8D83DE3271366399BD1B7998257E15E39A82ED0CB2C9E1DCC6AA943</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-fra.exe</td><td class=\"sbody-td\">777EA2C387B381768D1111E607779E70E41FDF1F</td><td class=\"sbody-td\">744ACE78426672E9EC75817E5D4D3B412DD272B7384C80190BE0B6FA2DB73BE7</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-heb.exe</td><td class=\"sbody-td\">BDC9CAA8D266554B0ED9694562EB4E9B9C7368D1</td><td class=\"sbody-td\">7F7C8210CF6991AFFF14703E780E1191306B1856B00B95BC2F27B7EE59B5FB7E</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-hin.exe</td><td class=\"sbody-td\">0B68573CDAAC765D4ABF325CD3996D1E2E667A17</td><td class=\"sbody-td\">F32BBA4CE8B5861F180261676CA6B44F1DAC36F9175D176EC69062A975C197AC</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-hrv.exe</td><td class=\"sbody-td\">A0917833FD05D8C9175EBAA73BA83CD1C1A25F30</td><td class=\"sbody-td\">FCD5ADF13D09A8DCEC75210F4A452405C8266BB8476EBC4B54D5146BAA2FF8E7</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-hun.exe</td><td class=\"sbody-td\">8329B99DEF9698D3E1D9260DD7F491B99C519584</td><td class=\"sbody-td\">AAB418A8CB3658D061B7356AA3AC1FB0F2A9D68632EEE2664900A1535C46D2A4</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-ita.exe</td><td class=\"sbody-td\">DC7A8679DFB3D21E796A6E61C201437EA1AA5C2F</td><td class=\"sbody-td\">F1D53091A9F95E970642C3A4F612237DAF5BA24414A3F1E9B7A8D8F21F5248F5</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-jpn.exe</td><td class=\"sbody-td\">563502557130AFE06614CDB1CE2FFBA352B74739</td><td class=\"sbody-td\">58F48E2973284C3DAC005B7DB1B3DD9C64FB6F898A027F167E335C3B566FE69C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-kor.exe</td><td class=\"sbody-td\">A7BD3032953031CDC511666250AECE3F87C64F0B</td><td class=\"sbody-td\">88B675F6DC0F393725B135C1FD7DBBE3F46289221803FF547669A1388EAA996C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-lth.exe</td><td class=\"sbody-td\">963D99379FF4515725F8DD1594872EB0973E42A4</td><td class=\"sbody-td\">DE8E907C37917D93DA25FEBDB2C7E5A033E486D1D1B2A7D97001486FD0467DAB</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-lvi.exe</td><td class=\"sbody-td\">40B44B094CD1ABDF693AC0C44429888EB07B99F6</td><td class=\"sbody-td\">13841434EA8994760EEF0C7626FAA473F582763B9B9214C94F53B0BEFEFA28BF</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-nld.exe</td><td class=\"sbody-td\">F4F356BC58494D3EB2146955A512163473F5C18C</td><td class=\"sbody-td\">5BBD181CD9F4B518751A47A5F59D821D3F486763CE2050F34173C4F377C1765A</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-nor.exe</td><td class=\"sbody-td\">1BFDAC7CA337DD926FA851DFC44B6C8EB3787D44</td><td class=\"sbody-td\">1855342D407C705D8AA1EE14030C2BFF23E4A1022A87D0121EA937EFC0A5735A</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-plk.exe</td><td class=\"sbody-td\">854ACEEC4ED26C8F2AF6115F8357D3E18D95BF46</td><td class=\"sbody-td\">266194456C096A44F03C180744B74A0A9827F34BA79DB5FC857D271B11FDC2D0</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-ptb.exe</td><td class=\"sbody-td\">80AFB3A70ADD47AF15C5C811298248DA06BFE60F</td><td class=\"sbody-td\">65CEF35AB79343C01CA79C550A4AB72F9F5A1EF786F539BFF6484450C0A05AFF</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-ptg.exe</td><td class=\"sbody-td\">064033EDCD99453BDA48A6EF012F76E0FFC1422C</td><td class=\"sbody-td\">6C4BC8DA2B32B3F854D70DF23AEB9BF0A715B7DAC9F35C6399B2D0DEA7E9FB0A</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-rom.exe</td><td class=\"sbody-td\">FF36147DCBB752ACE97C682B1D8B8935A848C5D0</td><td class=\"sbody-td\">4128BAD2C2DDD45017530CECC0C2A7ADC0B88D3BCF5072170FF7D97A1E9BF26D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-rus.exe</td><td class=\"sbody-td\">35B3BDC570F6D82475A62C38171260B24BE2266B</td><td class=\"sbody-td\">4391A7761F2DB2FB3058FCA6E306519DA44EAEBDE2A990B520FA1EE3F60E360E</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-sky.exe</td><td class=\"sbody-td\">1D5A41747ABC246F69A1C61E36B524604E5A0FEC</td><td class=\"sbody-td\">B598C60AD4FE2C82A7B43D390B32D6917A2637378B679A11C8D52E433840507F</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-slv.exe</td><td class=\"sbody-td\">CE0131A5858230363BFDD3BF6EA399ABDE1378BC</td><td class=\"sbody-td\">3605324E72645A7E126E037DCBC79827DE28DDD364C95DB79FB416402462EAEF</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-srl.exe</td><td class=\"sbody-td\">AD4A19231C72A880D361BFF018773F3486BED26C</td><td class=\"sbody-td\">A1B5F71EDEB27A906C98438E3429882C82EC60CF58815EE10AE6BADAD97B949E</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-sve.exe</td><td class=\"sbody-td\">94575D9AEC7CC927278BA869A31EEB42A760D324</td><td class=\"sbody-td\">CEC7BFD45C09D1E52F1DD4137B558D9D7B9613353B26C2C54A652E80C5FCFD68</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-tha.exe</td><td class=\"sbody-td\">6999EECC0D501ABFF9B490203C5E2016E1617B99</td><td class=\"sbody-td\">B6D0DF67C45B6F5C1368C3B23AB624DB6127B03D5C980FC29D842488FAC27205</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-trk.exe</td><td class=\"sbody-td\">B62A256B76FBEE70FB51EF41700D164B9DF1B548</td><td class=\"sbody-td\">309659C1C8060265A6DB0C6C31F89720A61F8DD065FA3DCD8A9AC5CA389FCB4F</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-ukr.exe</td><td class=\"sbody-td\">92C0AD7EE66A4E20AC22D23CCA4D405FB53ED927</td><td class=\"sbody-td\">8C1EC306BA0883730D2D5C554DD9116998C2F11B816D20A236A78E7EF671CEE4</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2003-kb2760604-fullfile-zhh.exe</td><td class=\"sbody-td\">18B05B146DE37B421C37EDB2CC8801884044B8B5</td><td class=\"sbody-td\">3402D3016F8500DDC25E566D50CB91130885BE25A509643BA96F9B9D8DB3FA24</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">coreserver2007-kb2596663-fullfile-x64-glb.exe</td><td class=\"sbody-td\">B4B8C2D03393AFAE2D609B3E22E9C54459170AB7</td><td class=\"sbody-td\">287BA5C0B0672DB4FBF9A7C15A539F6699FA1BA91A4170B049308C52DBB0FA22</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">coreserver2007-kb2596663-fullfile-x86-glb.exe</td><td class=\"sbody-td\">459B707CC63E3F0B38D87BA0968D89C7D7766707</td><td class=\"sbody-td\">0B187B5ACC20FC8EBC4CCC1BF658D51E4A4DA4F564C2CA1B92B432A0C40C6D2C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">coreserverloc2010-kb2553194-fullfile-x64-glb.exe</td><td class=\"sbody-td\">92515E81643BBB6DDFFEB3D6295645322BE1C094</td><td class=\"sbody-td\">D29D2A72BAE50717011AC007AEACD1B69E802FD5E4D4AC3A0A7DB27488EDEB0F</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">emsgrs2010-kb2589325-fullfile-x64-glb.exe</td><td class=\"sbody-td\">C40B9731DA0D72958E97C37C8562676E9035DF1E</td><td class=\"sbody-td\">98D9F03A1B94B0C6085E320A760F64391A1E6F34064666D140E55252F1B2908C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">infopath2007-kb2596666-fullfile-x86-glb.exe</td><td class=\"sbody-td\">6089333AEB61B4F0613898C33F8583A15957D782</td><td class=\"sbody-td\">C6440DAB225C67F0C290A1AD0B85C72BA3C6B2F813B0901B04FCABDF1FC9B086</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">infopath2010-kb2553431-fullfile-x64-glb.exe</td><td class=\"sbody-td\">CF9C2F85761B14386A848CD89E5C517F632ECF08</td><td class=\"sbody-td\">6A16C443958BEFAE24E861E053B04EB09CB78A777DAF9A7C603E70DAAD6E5D2D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">infopath2010-kb2553431-fullfile-x86-glb.exe</td><td class=\"sbody-td\">C1CF3BFC26754C57F8A5C111C014015BEC5D6D3B</td><td class=\"sbody-td\">8AACEAE7227509C592442829FA06D6924E48C8E15D5238C79104E9C716ADA5D9</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ipeditor2007-kb2596786-fullfile-x86-glb.exe</td><td class=\"sbody-td\">C098589CFF0B676B80C4C5B2E145B9BD93E2C355</td><td class=\"sbody-td\">6611329D0E156EB2DC01584F9ED1EF72BD08D81FE083FFC57ACD541BB0D31700</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ipeditor2010-kb2553322-fullfile-x64-glb.exe</td><td class=\"sbody-td\">CE8A14DBFA1513CF843B37B30113A37DE5EB33FF</td><td class=\"sbody-td\">B721DCF88277D1271DE22C3A1E7869389C3EB976BDE8C7176CD74C0E322ACC35</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ipeditor2010-kb2553322-fullfile-x86-glb.exe</td><td class=\"sbody-td\">2C9EC3F1D70A4E04A15D81DC6AE75ABEC168E700</td><td class=\"sbody-td\">5F269A2559012056B6F16DB638365F7225C143B524AFC0DA77331671933952EF</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">sts-x-none-x64.cab</td><td class=\"sbody-td\">C093C7C13D7CB01D5F7B2F244399DBC34BB10D20</td><td class=\"sbody-td\">05853D2678F4D335A0BCFC1AA74E79D980072A7F23CAABF64C2635675210F54C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">sts-x-none-x86.cab</td><td class=\"sbody-td\">13258CA09C2D2A019C5E1F7EEFD53378B53A93CA</td><td class=\"sbody-td\">CFE52C1389B605C1E3AAB0024D7C771828E799F5F8FD1C4C010F3A86992B4560</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">sts2007-kb2596911-fullfile-x64-glb.exe</td><td class=\"sbody-td\">302CB71DCB952EB7AE2BB7A0DFCB3826488DFFD9</td><td class=\"sbody-td\">E01E674F45D599895EA65579874D22F3A990E385EBAABA69FEE232095147DF4E</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">sts2007-kb2596911-fullfile-x86-glb.exe</td><td class=\"sbody-td\">3B815B9647BB14E549B89BF61E26AF34BCE63006</td><td class=\"sbody-td\">DE51614C7107B26600E44AE5AE6AA12B6D4BC2E5C2BD84ADCFD39E409529371C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wac2010-kb2598239-fullfile-x64-glb.exe</td><td class=\"sbody-td\">5DA77BDDC33BA933C94C5922FD037796A74CDD50</td><td class=\"sbody-td\">60E369CA03A8237938070573F31DCB1AFCFAD738616C6F2E75B7D6CBFCEEC184</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wosrv2010-kb2553424-fullfile-x64-glb.exe</td><td class=\"sbody-td\">6DF33A7F0FCD21696C581DA461805BC245D5E5D4</td><td class=\"sbody-td\">057090BC16ED1EB4974ABA40E2FC79AB4AED3D431E2224002F6402847439A2E0</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wss2010-kb2553365-fullfile-x64-glb.exe</td><td class=\"sbody-td\">1974AEBB7C576D58499CDEDB25C426FAAEDA0C57</td><td class=\"sbody-td\">CC9980F485D951CFAD7E2B9FB93F70C1703C8DEC1E4EB91AD5EB7DC8F95BCE39</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">xlsrvwfe2007-kb2596942-fullfile-x64-glb.exe</td><td class=\"sbody-td\">3D987EDEAE127AA515409E02448A3CFDE785EF79</td><td class=\"sbody-td\">E895F8A3E13B19D0A48F64194B712F5CB00B4EF532038EBEF9EAB8BB3E80105D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">xlsrvwfe2007-kb2596942-fullfile-x86-glb.exe</td><td class=\"sbody-td\">F54164686BC47A54EB7CD22096DCE7932DD60F3A</td><td class=\"sbody-td\">C3F8E89D78BFC09257F5E97E9CEA68567225506366B4DFE8CC9586EF2226FBF9</td></tr></table></div></div></body></html>", "edition": 2, "cvss3": {}, "published": "2012-07-10T00:00:00", "type": "mskb", "title": "MS12-050: Vulnerabilities in SharePoint could allow elevation of privilege: July 10, 2012", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1862", "CVE-2012-1858", "CVE-2012-1863", "CVE-2012-1861", "CVE-2012-1860", "CVE-2012-1859"], "modified": "2012-12-11T20:04:29", "id": "KB2695502", "href": "https://support.microsoft.com/en-us/help/2695502/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-05-19T17:41:45", "description": "This host is missing an important security update according to\n Microsoft Bulletin MS12-050.", "cvss3": {}, "published": "2012-07-11T00:00:00", "type": "openvas", "title": "Microsoft SharePoint Multiple Privilege Elevation Vulnerabilities (2695502)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1862", "CVE-2012-1858", "CVE-2012-1863", "CVE-2012-1861", "CVE-2012-1860", "CVE-2012-1859"], "modified": "2020-05-15T00:00:00", "id": "OPENVAS:1361412562310902847", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902847", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft SharePoint Multiple Privilege Elevation Vulnerabilities (2695502)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902847\");\n script_version(\"2020-05-15T08:09:24+0000\");\n script_bugtraq_id(53842, 54312, 54313, 54314, 54315, 54316);\n script_cve_id(\"CVE-2012-1858\", \"CVE-2012-1859\", \"CVE-2012-1860\", \"CVE-2012-1861\",\n \"CVE-2012-1862\", \"CVE-2012-1863\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-15 08:09:24 +0000 (Fri, 15 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-07-11 11:11:11 +0530 (Wed, 11 Jul 2012)\");\n script_name(\"Microsoft SharePoint Multiple Privilege Elevation Vulnerabilities (2695502)\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1027232\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\", \"gb_ms_sharepoint_sever_n_foundation_detect.nasl\", \"secpod_office_products_version_900032.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow an attacker to bypass certain security\n restrictions and conduct cross-site scripting and spoofing attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft InfoPath 2010\n\n - Microsoft Groove Server 2010\n\n - Microsoft Office Web Apps 2010\n\n - Microsoft SharePoint Server 2010\n\n - Microsoft SharePoint Foundation 2010\n\n - Microsoft InfoPath 2007 Service Pack 2\n\n - Microsoft InfoPath 2007 Service Pack 3\n\n - Microsoft InfoPath 2010 Service Pack 1\n\n - Microsoft Groove Server 2010 Service Pack 1\n\n - Microsoft Office Web Apps 2010 Service Pack 1\n\n - Microsoft SharePoint Server 2010 Service Pack 1\n\n - Microsoft SharePoint Foundation 2010 Service Pack 1\n\n - Microsoft Office SharePoint Server 2007 Service Pack 2\n\n - Microsoft Office SharePoint Server 2007 Service Pack 3\n\n - Microsoft Windows SharePoint Services 3.0 Service Pack 2\");\n\n script_tag(name:\"insight\", value:\"- Certain input is not properly sanitised in the 'SafeHTML' API before being\n returned to the user.\n\n - Certain unspecified input is not properly sanitised in scriptresx.ashx\n before being returned to the user. This can be exploited to execute\n arbitrary HTML and script code in a user's browser session in context of\n an affected site.\n\n - An error when validating search scope permissions can be exploited to view\n or modify another user's search scope.\n\n - Certain unspecified input associated with a username is not properly\n sanitised before being returned to the user. This can be exploited to\n execute arbitrary HTML and script code in a user's browser session in\n context of an affected site.\n\n - Certain unspecified input associated with a URL is not properly verified\n before being used to redirect users. This can be exploited to redirect a\n user to an arbitrary website.\n\n - Certain unspecified input associated with a reflected list parameter is\n not properly sanitised before being returned to the user. This can be\n exploited to execute arbitrary HTML and script code in a user's browser\n session in context of an affected site.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Microsoft Bulletin MS12-050.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n## InfoPath 2007 and InfoPath 2010\nkeys = make_list(\"SOFTWARE\\Microsoft\\Office\\12.0\\InfoPath\\InstallRoot\",\n \"SOFTWARE\\Microsoft\\Office\\14.0\\InfoPath\\InstallRoot\");\nforeach key(keys)\n{\n if(registry_key_exists(key:key))\n {\n infoPath = registry_get_sz(key:key, item:\"Path\");\n\n if(infoPath)\n {\n exeVer = fetch_file_version(sysPath:infoPath, file_name:\"Infopath.Exe\");\n dllVer = fetch_file_version(sysPath:infoPath, file_name:\"Ipeditor.dll\");\n if((exeVer &&\n (version_in_range(version:exeVer, test_version:\"12.0\", test_version2:\"12.0.6661.4999\") ||\n version_in_range(version:exeVer, test_version:\"14.0\", test_version2:\"14.0.6120.4999\"))) ||\n (dllVer &&\n (version_in_range(version:dllVer, test_version:\"12.0\", test_version2:\"12.0.6661.4999\") ||\n version_in_range(version:dllVer, test_version:\"14.0\", test_version2:\"14.0.6120.4999\"))))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n}\n\n## Microsoft Groove 2010\nexeVer = get_kb_item(\"SMB/Office/Groove/Version\");\nif(exeVer && exeVer =~ \"^14\\.\")\n{\n key = \"SOFTWARE\\Microsoft\\Office Server\\14.0\\Groove\";\n if(registry_key_exists(key:key))\n {\n dllPath = registry_get_sz(key:key, item:\"EMSInstallDir\");\n if(dllPath)\n {\n dllVer = fetch_file_version(sysPath:dllPath, file_name:\"groovems.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"14.0\", test_version2:\"14.0.6116.4999\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n }\n}\n\ncpe_list = make_list(\"cpe:/a:microsoft:sharepoint_server\", \"cpe:/a:microsoft:sharepoint_foundation\", \"cpe:/a:microsoft:sharepoint_services\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\ncpe = infos[\"cpe\"];\n\n## SharePoint Server 2007 and 2010\nif(\"cpe:/a:microsoft:sharepoint_server\" >< cpe)\n{\n ## SharePoint Server 2007 Service Pack 2 (coreserver)\n if(vers =~ \"^12\\.\"){\n key = \"SOFTWARE\\Microsoft\\Office Server\\12.0\";\n file = \"Microsoft.sharepoint.publishing.dll\";\n }\n\n ## SharePoint Server 2010 (wosrv)\n else if(vers =~ \"^14\\.\"){\n key = \"SOFTWARE\\Microsoft\\Office Server\\14.0\";\n file = \"Microsoft.office.server.native.dll\";\n }\n\n if(key && registry_key_exists(key:key) && file)\n {\n if(path = registry_get_sz(key:key, item:\"BinPath\"))\n {\n dllVer = fetch_file_version(sysPath:path, file_name:file);\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"12.0\", test_version2:\"12.0.6660.4999\") ||\n version_in_range(version:dllVer, test_version:\"14.0\", test_version2:\"14.0.6108.4999\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n }\n}\n\n## SharePoint Foundation 2010\nif(\"cpe:/a:microsoft:sharepoint_foundation\" >< cpe)\n{\n key = \"SOFTWARE\\Microsoft\\Shared Tools\\Web Server Extensions\\14.0\";\n if(registry_key_exists(key:key))\n {\n dllPath = registry_get_sz(key:key, item:\"Location\");\n if(dllPath)\n {\n dllVer = fetch_file_version(sysPath:dllPath, file_name:\"BIN\\Onetutil.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"14.0\", test_version2:\"14.0.6120.5004\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n }\n}\n\n## SharePoint Services 3.0 and 2.0\nif(\"cpe:/a:microsoft:sharepoint_services\" >< cpe)\n{\n key = \"SOFTWARE\\Microsoft\\Shared Tools\";\n if(registry_key_exists(key:key))\n {\n dllPath = registry_get_sz(key:key, item:\"SharedFilesDir\");\n if(dllPath)\n {\n dllVer = fetch_file_version(sysPath:dllPath, file_name:\"web server extensions\\12\\BIN\\Onetutil.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"12.0\", test_version2:\"12.0.6661.4999\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n\n dllVer2 = fetch_file_version(sysPath:dllPath, file_name:\"web server extensions\\60\\BIN\\Onetutil.dll\");\n if(dllVer2 && dllVer2 =~ \"^11\\.0\")\n {\n if(version_is_less(version:dllVer2, test_version:\"11.0.8346.0\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n }\n}\n\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-01-11T14:27:50", "description": "The versions of InfoPath, Office SharePoint Server, SharePoint Server, Groove Server, Windows SharePoint Services, SharePoint Foundation, or Office Web Apps installed on the remote host are affected by multiple privilege escalation and information disclosure vulnerabilities :\n\n - An information disclosure vulnerability exists in the way that HTML strings are sanitized. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks and run script in the security context of the logged-on user. (CVE-2012-1858)\n\n - A cross-site scripting and a privilege escalation vulnerability allow attacker-controlled JavaScript to run in the context of the user clicking a link. An anonymous attacker could also potentially issue SharePoint commands in the context of an authenticated user on the site. (CVE-2012-1859)\n\n - An information disclosure vulnerability exists in the way that SharePoint stores search scopes. An attacker could view or tamper with other users' search scopes.\n (CVE-2012-1860)\n\n - A cross-site scripting vulnerability exists that allows attacker-controlled JavaScript to run in the context of the user clicking a link. An anonymous attacker could also potentially issue SharePoint commands in the context of an authenticated user. (CVE-2012-1861)\n\n - A URL redirection vulnerability exists in SharePoint.\n The vulnerability could lead to spoofing and information disclosure and could allow an attacker to redirect a user to an external URL. (CVE-2012-1862)\n\n - A cross-site scripting vulnerability exists that allows attacker-controlled JavaScript to run in the context of the user clicking a link. An anonymous attacker could also potentially issue SharePoint commands in the context of an authenticated user. (CVE-2012-1863).", "cvss3": {}, "published": "2012-07-11T00:00:00", "type": "nessus", "title": "MS12-050: Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1858", "CVE-2012-1859", "CVE-2012-1860", "CVE-2012-1861", "CVE-2012-1862", "CVE-2012-1863"], "modified": "2019-12-04T00:00:00", "cpe": ["cpe:/a:microsoft:groove", "cpe:/a:microsoft:infopath", "cpe:/a:microsoft:office_web_apps", "cpe:/a:microsoft:sharepoint_server", "cpe:/a:microsoft:sharepoint_services", "cpe:/a:microsoft:sharepoint_foundation"], "id": "SMB_NT_MS12-050.NASL", "href": "https://www.tenable.com/plugins/nessus/59913", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59913);\n script_version(\"1.26\");\n script_cvs_date(\"Date: 2019/12/04\");\n\n script_cve_id(\n \"CVE-2012-1858\",\n \"CVE-2012-1859\",\n \"CVE-2012-1860\",\n \"CVE-2012-1861\",\n \"CVE-2012-1862\",\n \"CVE-2012-1863\"\n );\n script_bugtraq_id(\n 53842,\n 54312,\n 54313,\n 54314,\n 54315,\n 54316\n );\n script_xref(name:\"EDB-ID\", value:\"19777\");\n script_xref(name:\"MSFT\", value:\"MS12-050\");\n script_xref(name:\"MSKB\", value:\"2553194\");\n script_xref(name:\"MSKB\", value:\"2553322\");\n script_xref(name:\"MSKB\", value:\"2553365\");\n script_xref(name:\"MSKB\", value:\"2553424\");\n script_xref(name:\"MSKB\", value:\"2553431\");\n script_xref(name:\"MSKB\", value:\"2589325\");\n script_xref(name:\"MSKB\", value:\"2596663\");\n script_xref(name:\"MSKB\", value:\"2596666\");\n script_xref(name:\"MSKB\", value:\"2596786\");\n script_xref(name:\"MSKB\", value:\"2596911\");\n script_xref(name:\"MSKB\", value:\"2596942\");\n script_xref(name:\"MSKB\", value:\"2598239\");\n script_xref(name:\"MSKB\", value:\"2760604\");\n\n script_name(english:\"MS12-050: Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)\");\n script_summary(english:\"Checks InfoPath / SharePoint / Groove / Office Web Apps version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple privilege escalation and\ninformation disclosure vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The versions of InfoPath, Office SharePoint Server, SharePoint Server,\nGroove Server, Windows SharePoint Services, SharePoint Foundation, or\nOffice Web Apps installed on the remote host are affected by multiple\nprivilege escalation and information disclosure vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n way that HTML strings are sanitized. An attacker who\n successfully exploited this vulnerability could perform\n cross-site scripting attacks and run script in the\n security context of the logged-on user. (CVE-2012-1858)\n\n - A cross-site scripting and a privilege escalation\n vulnerability allow attacker-controlled JavaScript to\n run in the context of the user clicking a link. An\n anonymous attacker could also potentially issue\n SharePoint commands in the context of an authenticated\n user on the site. (CVE-2012-1859)\n\n - An information disclosure vulnerability exists in the\n way that SharePoint stores search scopes. An attacker\n could view or tamper with other users' search scopes.\n (CVE-2012-1860)\n\n - A cross-site scripting vulnerability exists that allows\n attacker-controlled JavaScript to run in the context of\n the user clicking a link. An anonymous attacker could\n also potentially issue SharePoint commands in the\n context of an authenticated user. (CVE-2012-1861)\n\n - A URL redirection vulnerability exists in SharePoint.\n The vulnerability could lead to spoofing and information\n disclosure and could allow an attacker to redirect a\n user to an external URL. (CVE-2012-1862)\n\n - A cross-site scripting vulnerability exists that allows\n attacker-controlled JavaScript to run in the context of\n the user clicking a link. An anonymous attacker could\n also potentially issue SharePoint commands in the\n context of an authenticated user. (CVE-2012-1863).\");\n # http://blog.watchfire.com/wfblog/2012/07/tostatichtml-the-second-encounter-cve-2012-1858-html-sanitizing-information-disclosure-introduction-t.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7d49512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-050\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for InfoPath 2007, InfoPath\n2010, Office SharePoint Server 2007, SharePoint Server 2010, Groove\nServer 2010, Windows SharePoint Services 2.0 and 3.0, SharePoint\nFoundation 2010, and Office Web Apps 2010.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-1862\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:groove\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:infopath\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office_web_apps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:sharepoint_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:sharepoint_services\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:sharepoint_foundation\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"office_installed.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nglobal_var bulletin, vuln;\n\nfunction get_ver()\n{\n local_var fh, path, rc, share, ver;\n\n path = _FCT_ANON_ARGS[0];\n\n share = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:path);\n\n rc = NetUseAdd(share:share);\n if (rc != 1)\n {\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, share);\n }\n\n ver = NULL;\n path = ereg_replace(string:path, pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\\");\n\n fh = CreateFile(\n file : path,\n desired_access : GENERIC_READ,\n file_attributes : FILE_ATTRIBUTE_NORMAL,\n share_mode : FILE_SHARE_READ,\n create_disposition : OPEN_EXISTING\n );\n if (!isnull(fh))\n {\n ver = GetFileVersion(handle:fh);\n ver = join(ver, sep:\".\");\n CloseFile(handle:fh);\n }\n\n NetUseDel(close:FALSE);\n\n return ver;\n}\n\nfunction check_vuln(fix, kb, name, path, ver)\n{\n local_var info;\n\n if (isnull(ver))\n ver = get_ver(path);\n\n if (isnull(ver) || ver_compare(ver:ver, fix:fix, strict:FALSE) >= 0)\n return 0;\n\n info =\n '\\n Product : ' + name +\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n hotfix_add_report(info, bulletin:bulletin, kb:kb);\n\n vuln = TRUE;\n}\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS12-050\";\nkbs = make_list(\n 2596666, 2596786, 2553431, 2553322,\n 2596663, 2596942, 2553424, 2553194,\n 2589325, 2596911, 2553365, 2598239, 2760604\n);\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\n# Connect to the registry.\nregistry_init();\nhklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n\n# Get path information for SharePoint Server 2007.\nsps_2007_path = get_registry_value(\n handle : hklm,\n item : \"SOFTWARE\\Microsoft\\Office Server\\12.0\\InstallPath\"\n);\n\n# Get path information for SharePoint Server 2010.\nsps_2010_path = get_registry_value(\n handle : hklm,\n item : \"SOFTWARE\\Microsoft\\Office Server\\14.0\\InstallPath\"\n);\n\n# Get path information for SharePoint Services 2.0\nsps_20_path = get_registry_value(\n handle : hklm,\n item : \"SOFTWARE\\Microsoft\\Shared Tools\\Web Server Extensions\\6.0\\Location\"\n);\n\n# Get path information for SharePoint Services 3.0 or SharePoint Foundation 2010.\nforeach ver (make_list(\"12.0\", \"14.0\"))\n{\n spf_2010_path = get_registry_value(\n handle : hklm,\n item : \"SOFTWARE\\Microsoft\\Shared Tools\\Web Server Extensions\\\" + ver + \"\\Location\"\n );\n\n if (spf_2010_path)\n break;\n}\n\n# Get path information for Groove Server 2010.\ngs_2010_path = get_registry_value(\n handle : hklm,\n item : \"SOFTWARE\\Microsoft\\Office Server\\14.0\\Groove\\Groove Relay\\Parameters\\InstallDir\"\n);\n\n# Close connection to registry.\nRegCloseKey(handle:hklm);\nclose_registry(close:FALSE);\n\n# Get path and version information for InfoPath.\nip_installs = get_kb_list(\"SMB/Office/InfoPath/*/ProductPath\");\n\n# Get path information for Windows.\nwindir = hotfix_get_systemroot();\nif (isnull(windir))\n exit(1, \"Failed to determine the location of %windir%.\");\n\n# Get path information for Common Files.\ncommonprogramfiles = hotfix_get_commonfilesdir();\nif (isnull(commonprogramfiles))\n exit(1, \"Failed to determine the location of %commonprogramfiles%.\");\n\n# Get path information for Office Web Apps.\nowa_2010_path = sps_2010_path;\n\nif (!isnull(ip_installs))\n{\n foreach install (keys(ip_installs))\n {\n ip_ver = install - 'SMB/Office/InfoPath/' - '/ProductPath';\n ip_path = ip_installs[install];\n if (ip_path) ip_path = ereg_replace(string:ip_path, pattern:\"(.*)(\\\\[^\\\\]+)$\", replace:\"\\1\");\n\n ######################################################################\n # InfoPath 2007 SP2 / SP3\n #\n # [KB2596666] Infopath.Exe: 12.0.6661.5000\n # [KB2596786] Ipeditor.dll: 12.0.6661.5000\n ######################################################################\n office_sp2007 = get_kb_item(\"SMB/Office/2007/SP\");\n office_sp2010 = get_kb_item(\"SMB/Office/2010/SP\");\n if (ip_ver =~ '^12\\\\.' && (!isnull(office_sp2007) && (office_sp2007 == 2 || office_sp2007 == 3)))\n {\n name = \"InfoPath 2007\";\n\n check_vuln(\n name : name,\n kb : \"2596666\",\n path : ip_path + \"\\Infopath.Exe\",\n fix : \"12.0.6661.5000\"\n );\n\n check_vuln(\n name : name,\n kb : \"2596786\",\n path : ip_path + \"\\Ipeditor.dll\",\n fix : \"12.0.6661.5000\"\n );\n }\n ######################################################################\n # InfoPath 2010 SP0 / SP1\n #\n # [KB2553431] Infopath.Exe: 14.0.6120.5000\n # [KB2553322] Ipeditor.dll: 14.0.6120.5000\n ######################################################################\n else if (ip_ver =~ '^14\\\\.' && (!isnull(office_sp2010) && (office_sp2010 == 0 || office_sp2010 == 1)))\n {\n name = \"InfoPath 2010\";\n\n check_vuln(\n name : name,\n kb : \"2553431\",\n path : ip_path + \"\\Infopath.Exe\",\n fix : \"14.0.6120.5000\"\n );\n\n check_vuln(\n name : name,\n kb : \"2553322\",\n path : ip_path + \"\\Ipeditor.dll\",\n fix : \"14.0.6120.5000\"\n );\n }\n }\n}\n\n######################################################################\n# Office SharePoint Server 2007 SP2 / SP3\n#\n# [KB2596663] Microsoft.SharePoint.Publishing.dll: 12.0.6660.5000\n# [KB2596942] Microsoft.office.excel.webui.dll: 12.0.6661.5000\n######################################################################\nif (sps_2007_path)\n{\n name = \"Office SharePoint Server 2007\";\n\n check_vuln(\n name : name,\n kb : \"2596663\",\n path : sps_2007_path + \"Bin\\Microsoft.SharePoint.Publishing.dll\",\n fix : \"12.0.6660.5000\"\n );\n\n share = ereg_replace(string:windir, pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\");\n rc = NetUseAdd(share:share);\n if (rc != 1)\n {\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, share);\n }\n\n dir = ereg_replace(string:windir, pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\");\n subdir = \"\\assembly\\GAC_MSIL\\Microsoft.Office.Excel.WebUI\\\";\n file = \"\\Microsoft.Office.Excel.WebUI.dll\";\n\n # Check for the DLL in each subdirectory.\n for (\n dh = FindFirstFile(pattern:dir + subdir + \"*\");\n !isnull(dh);\n dh = FindNextFile(handle:dh)\n )\n {\n # Skip non-directories.\n if (dh[2] & FILE_ATTRIBUTE_DIRECTORY == 0)\n continue;\n\n # Skip current and parent directories.\n if (dh[1] == \".\" || dh[1] == \"..\")\n continue;\n\n # Skip anything that doesn't look like the 2007 branch.\n if (dh[1] !~ \"^12\\.\")\n continue;\n\n # Get the version number from the file, if it exists.\n path = dir + subdir + dh[1] + file;\n fh = CreateFile(\n file : path,\n desired_access : GENERIC_READ,\n file_attributes : FILE_ATTRIBUTE_NORMAL,\n share_mode : FILE_SHARE_READ,\n create_disposition : OPEN_EXISTING\n );\n if (isnull(fh))\n continue;\n\n ver = GetFileVersion(handle:fh);\n CloseFile(handle:fh);\n\n check_vuln(\n name : name,\n kb : \"2596942\",\n path : windir + subdir + dh[1] + file,\n ver : join(ver, sep:\".\"),\n fix : \"12.0.6661.5000\"\n );\n }\n\n # Clean up.\n NetUseDel(close:FALSE);\n}\n\n######################################################################\n# SharePoint Server 2010 SP0 / SP1\n#\n# [KB2553424] Microsoft.resourcemanagement.dll: 4.0.2450.47\n# [KB2553194] Ssetupui.dll: 14.0.6120.5000\n######################################################################\nif (sps_2010_path)\n{\n name = \"Office SharePoint Server 2010\";\n\n check_vuln(\n name : name,\n kb : \"2553424\",\n path : sps_2010_path + \"Service\\Microsoft.resourcemanagement.dll\",\n fix : \"4.0.2450.47\"\n );\n\n check_vuln(\n name : name,\n kb : \"2553194\",\n path : commonprogramfiles + \"\\Microsoft Shared\\SERVER14\\Server Setup Controller\\WSS.en-us\\Ssetupui.dll\",\n fix : \"14.0.6120.5000\"\n );\n}\n\n######################################################################\n# Groove Server 2010 SP0 / SP1\n#\n# [KB2589325] Relay.exe: 14.0.6120.5000\n######################################################################\nif (gs_2010_path)\n{\n check_vuln(\n name : \"Groove Server 2010\",\n kb : \"2589325\",\n path : gs_2010_path + \"\\Relay.exe\",\n fix : \"14.0.6120.5000\"\n );\n}\n\n######################################################################\n# SharePoint Services 2.0\n#\n# [KB2760604] Onetutil.dll: 11.0.8346.0\n######################################################################\nif (sps_20_path)\n{\n path = sps_20_path + \"Bin\\Onetutil.dll\";\n ver = get_ver(path);\n\n check_vuln(\n name : \"SharePoint Services 2.0\",\n kb : \"2760604\",\n path : path,\n fix : \"11.0.8346.0\"\n );\n}\n\n######################################################################\n# SharePoint Services 3.0 SP2\n#\n# [KB2596911] Mssrch.dll: 12.0.6660.5000\n#\n#\n# SharePoint Foundation 2010 SP0 / SP1\n#\n# [KB2553365] Mssrch.dll: 14.0.6119.5000\n######################################################################\nif (spf_2010_path)\n{\n path = spf_2010_path + \"Bin\\Mssrch.dll\";\n ver = get_ver(path);\n\n if (ver && ver =~ \"^12\\.\")\n {\n check_vuln(\n name : \"SharePoint Services 3.0\",\n kb : \"2596911\",\n path : path,\n ver : ver,\n fix : \"12.0.6660.5000\"\n );\n }\n else if (ver && ver =~ \"^14\\.\")\n {\n check_vuln(\n name : \"SharePoint Foundation 2010\",\n kb : \"2553365\",\n path : path,\n ver : ver,\n fix : \"14.0.6119.5000\"\n );\n }\n}\n\n######################################################################\n# Office Web Apps 2010 SP0 / SP1\n#\n# [KB2598239] msoserver.dll: 14.0.6120.5000\n######################################################################\nif (owa_2010_path)\n{\n check_vuln(\n name : \"Office Web Apps 2010\",\n kb : \"2598239\",\n path : owa_2010_path + \"WebServices\\ConversionService\\Bin\\Converter\\msoserver.dll\",\n fix : \"14.0.6120.5000\"\n );\n}\n\nhotfix_check_fversion_end();\n\nif (!vuln)\n audit(AUDIT_HOST_NOT, 'affected');\n# Flag the system as vulnerable.\nset_kb_item(name:\"SMB/Missing/\" + bulletin, value:TRUE);\nset_kb_item(name:\"www/0/XSS\", value:TRUE);\nhotfix_security_warning();\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}

Microsoft SharePoint 跨站脚本漏洞(CVE-2012-1863)

Description

Related