logo
DATABASE RESOURCES PRICING ABOUT US

Microsoft SharePoint和Microsoft Lync HTML过滤跨站脚本执行漏洞 (MS12-067)

Description

BUGTRAQ ID: 55797 CVE(CAN) ID: CVE-2012-2520 SharePoint Server是一个服务器功能集成套件,提供全面的内容管理和企业搜索,加速共享业务流程并简化跨界限信息共享。Microsoft Lync 新一代企业整合沟通平台(前身为 Communications Server),提供了一种全新的、直观的用户体验,跨越PC、Web、手机等其他移动设备,将不同的沟通方式集成到一个平台之中。 Microsoft SharePoint和Microsoft Lync存在跨站脚本执行漏洞,攻击者可利用此漏洞在受影响站点用户浏览器中执行任意脚本代码。 0 Microsoft SharePoint Foundation 2010 SP1 Microsoft SharePoint Foundation 2010 Microsoft Office Web Apps 2010 SP1 Microsoft Office Web Apps 2010 0 Microsoft Groove Server 2010 Microsoft Lync 2010 Microsoft InfoPath 2007 SP2 Microsoft InfoPath 2007 临时解决方法: * 禁用Advanced Filter Pack for FAST Search Server 2010 for SharePoint 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS12-067)以及相应补丁: MS12-067:Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321) 链接:http://www.microsoft.com/technet/security/bulletin/MS12-067.asp


Related