A new vulnerability affecting Microsoft Office SharePoint Server 2007 has surfaced. While enterprises wait on a patch, there are actions they can take to mitigate the vulnerability.
Microsoft has confirmed reports of a cross-site scripting vulnerability in SharePoint Server 2007 and SharePoint Services 3.0. According to Microsoft, the vulnerability could allow escalation of privilege (EoP) within the SharePoint site. An attacker who successfully exploits the vulnerability could run commands against the SharePoint server with the privileges of the compromised user.
“In the elevation of privilege scenario, an attacker could convince a user to click a specially crafted URL containing a script that would be run on the target SharePoint site,” Microsoft warned. “This URL could be in an e-mail message, on a Web site, or in an Instant Message conversation. Once the user clicks the specially crafted URL, the browser would run the script with the same privileges as the targeted user on the SharePoint site.”
Microsoft officials did not state when a security update will be ready to address the issue.