• info
• discussion
• exploit
• solution
• references

Internet Explorer and SharePoint 'toStaticHTML' Cross Domain Information Disclosure Vulnerability

Solution:
The vendor has released an advisory and updates. Please see the references for details.


Microsoft InfoPath 2007 SP2

• Microsoft Security Update for Microsoft Office InfoPath 2007 (KB979441)
  http://www.microsoft.com/downloads/details.aspx?familyid=bfa8765a-7970 -4feb-996c-7c27d71c97c6

Microsoft SharePoint Server 2007 SP2

• Microsoft Security Update for Microsoft Office SharePoint Server 3.0 (KB979445), 32-bit Edition
  http://www.microsoft.com/downloads/details.aspx?familyid=52a55423-f33b -4cd1-919d-806972a553df

Microsoft SharePoint Services 3.0 SP1

• Microsoft Security Update for Microsoft Windows SharePoint Services 3.0 (KB983444), 32-bit Edition
  http://www.microsoft.com/downloads/details.aspx?familyid=3841ceda-d0af -4e5e-8a1a-7dd954850783

Microsoft SharePoint Services 3.0 SP2

• Microsoft Security Update for Microsoft Windows SharePoint Services 3.0 (KB983444), 32-bit Edition
  http://www.microsoft.com/downloads/details.aspx?familyid=3841ceda-d0af -4e5e-8a1a-7dd954850783

Microsoft SharePoint Services 64-bit 3.0 SP2

• Microsoft Security Update for Microsoft Windows SharePoint Services 3.0 (KB983444), 64-bit Edition
  http://www.microsoft.com/downloads/details.aspx?familyid=94bc76d4-78e4 -4bda-8922-36c3a9d3854f

Microsoft SharePoint Server 2007 SP1

• Microsoft Security Update for Microsoft Office SharePoint Server 3.0 (KB979445), 32-bit Edition
  http://www.microsoft.com/downloads/details.aspx?familyid=52a55423-f33b -4cd1-919d-806972a553df

Microsoft SharePoint Server 2007 x64 SP1

• Microsoft Security Update for Microsoft Office SharePoint Server 2007 (KB979445), 64-bit Edition
  http://www.microsoft.com/downloads/details.aspx?familyid=4d84a25b-532f -4319-9ab2-90e5b82ebd90

Microsoft Internet Explorer 8

• Microsoft Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB982381)
  http://www.microsoft.com/downloads/details.aspx?familyid=ebab6101-fcf1 -4842-b22d-893a20c1c10f


• Microsoft Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB982381)
  http://www.microsoft.com/downloads/details.aspx?familyid=87e13912-f861 -4985-ab9d-260a5898dfd4


• Microsoft Cumulative Security Update for Internet Explorer 8 for Windows XP (KB982381)
  http://www.microsoft.com/downloads/details.aspx?familyid=9cff9aba-7743 -4c33-87c7-37d06ed60a21


• Microsoft Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB982381)
  http://www.microsoft.com/downloads/details.aspx?familyid=37cd7533-ddad -4d0d-85c0-1491308e1ff8


• Microsoft Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB982381)
  http://www.microsoft.com/downloads/details.aspx?familyid=5c835885-9375 -4882-a92f-4d4cfcacc005


• Microsoft Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB982381)
  http://www.microsoft.com/downloads/details.aspx?familyid=5cfc5776-0c6b -4092-bc98-94df077c60d8


• Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB982381)
  http://www.microsoft.com/downloads/details.aspx?familyid=24ed08c7-a474 -4458-8269-3b9de5e22385


• Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Syste
  http://www.microsoft.com/downloads/details.aspx?familyid=52c04d85-911f -47be-852e-c9bb4934744d


• Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB982381)
  http://www.microsoft.com/downloads/details.aspx?familyid=7c4ff5ae-eadd -431e-b982-d5f179efb8c0


• Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB982381)
  http://www.microsoft.com/downloads/details.aspx?familyid=cf84469b-ce6d -45e8-8336-7b4501c6cf91


• Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB982381)
  http://www.microsoft.com/downloads/details.aspx?familyid=640f9216-3e99 -46b6-aac8-cd051eedad3c


• Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB982381)
  http://www.microsoft.com/downloads/details.aspx?familyid=3076d1ea-7716 -4b54-8ec4-660374f14dcb

Microsoft SharePoint Server 2007 x64 SP2

• Microsoft Security Update for Microsoft Office SharePoint Server 2007 (KB979445), 64-bit Edition
  http://www.microsoft.com/downloads/details.aspx?familyid=4d84a25b-532f -4319-9ab2-90e5b82ebd90

Microsoft SharePoint Services 64-bit 3.0 SP1

• Microsoft Security Update for Microsoft Windows SharePoint Services 3.0 (KB983444), 64-bit Edition
  http://www.microsoft.com/downloads/details.aspx?familyid=94bc76d4-78e4 -4bda-8922-36c3a9d3854f

Microsoft InfoPath 2007 SP1

• Microsoft Security Update for Microsoft Office InfoPath 2007 (KB979441)
  http://www.microsoft.com/downloads/details.aspx?familyid=bfa8765a-7970 -4feb-996c-7c27d71c97c6

Microsoft InfoPath 2003 SP3

• Microsoft Security Update for Microsoft Office InfoPath 2003 (KB980923)
  http://www.microsoft.com/downloads/details.aspx?familyid=4f79d376-0ea2 -4218-9200-3c34c83ba336