Test ID:	1.3.6.1.4.1.25623.1.0.902919
Category:	Windows : Microsoft Bulletins
Title:	Microsoft SharePoint Privilege Elevation Vulnerabilities (2663841)
Summary:	This host is missing an important security update according to; Microsoft Bulletin MS12-011.
Description:	Summary: This host is missing an important security update according to Microsoft Bulletin MS12-011. Vulnerability Insight: Input passed to 'inplview.aspx', 'themeweb.aspx' and 'skey' parameter in 'wizardlist.aspx' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Affected Software/OS: - Microsoft SharePoint Server 2010 Service Pack 1 and prior - Microsoft SharePoint Foundation 2010 Service Pack 1 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0017 Cert/CC Advisory: TA12-045A http://www.us-cert.gov/cas/techalerts/TA12-045A.html Microsoft Security Bulletin: MS12-011 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14637 Common Vulnerability Exposure (CVE) ID: CVE-2012-0144 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14386 Common Vulnerability Exposure (CVE) ID: CVE-2012-0145 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14826
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.