Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability

Bugtraq ID: 39776
Class: Input Validation Error
CVE: CVE-2010-0817
Remote: Yes
Local: No
Published: Apr 28 2010 12:00AM
Updated: Jun 10 2010 07:09PM
Credit: High-Tech Bridge SA
Vulnerable: Microsoft Windows SharePoint Services 3.0
+ Microsoft Windows Server 2003 SP2
+ Microsoft Windows Server 2003 SP1 Platform SDK
+ Microsoft Windows Server 2003 SP1
+ Microsoft Windows Server 2003 Datacenter Edition SP1
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter x64 Edition SP2
+ Microsoft Windows Server 2003 Datacenter x64 Edition
+ Microsoft Windows Server 2003 Enterprise Edition SP1
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise x64 Edition SP2
+ Microsoft Windows Server 2003 Enterprise x64 Edition
+ Microsoft Windows Server 2003 Standard Edition SP2
+ Microsoft Windows Server 2003 Standard Edition SP1
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard x64 Edition
+ Microsoft Windows Server 2003 Web Edition SP2
+ Microsoft Windows Server 2003 Web Edition SP1
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 x64 SP2
+ Microsoft Windows Server 2003 x64 SP1
Microsoft SharePoint Services 64-bit 3.0 SP2
Microsoft SharePoint Services 64-bit 3.0 SP1
Microsoft SharePoint Services 64-bit 3.0
Microsoft SharePoint Services 3.0 SP2
Microsoft SharePoint Services 3.0 SP1
Microsoft SharePoint Server 2007 x64 SP2
Microsoft SharePoint Server 2007 x64 SP1
Microsoft SharePoint Server 2007 x64 0
Microsoft SharePoint Server 2007 SP2
Microsoft SharePoint Server 2007 SP1
Microsoft SharePoint Server 2007 12.0.0.6421
Microsoft SharePoint Server 2007 12.0.0.6318
Microsoft SharePoint Server 2007 0
Avaya Messaging Application Server MM 3.1
Avaya Messaging Application Server MM 3.0
Avaya Messaging Application Server MM 2.0
Avaya Messaging Application Server MM 1.1
Avaya Messaging Application Server 5
Avaya Messaging Application Server 4
Avaya Messaging Application Server 0
Avaya Meeting Exchange - Webportal 6.0
Avaya Meeting Exchange - Web Conferencing Server 0
Avaya Meeting Exchange - Streaming Server 0
Avaya Meeting Exchange - Recording Server 0
Avaya Meeting Exchange - Client Registration Server 0
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus