Network technologies and trends

May 1 2010   7:51PM GMT

A new vulnerability is affecting Share Point 2007

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

 

A new vulnerability is affecting Microsoft Office SharePoint Server 2007 has surfaced. While enterprises wait on a patch, there are actions they can take to mitigate the vulnerability.
- Microsoft has confirmed reports of a cross-site scripting vulnerability in SharePoint Server 2007 and SharePoint Services 3.0. According to Microsoft, the vulnerability could allow escalation of privilege (EoP) within the SharePoint site. . If an attacker successfully exploits the vulnerability, the person could run commands against the SharePoint server with the privileges of the compromised user.

“In the elevation of privilege scenario, an attacker could convince a user to click a specially crafted URL containing a script that would be run on the target SharePoint site,” Microsoft warned. “This URL could be in an e-mail message, on a Web site, or in an Instant Message conversation. Once the user clicks the specially crafted URL, the browser would run the script with the same privileges as the targeted user on the SharePoint site.”

Microsoft officials did not state when a security update will be ready to address the issue.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: