April 29, 2010, 1:12PM
New Flaw Found in Microsoft SharePoint
Comment 
There is a cross-site scripting flaw in SharePoint 2007, Microsoft's collaboration product, which could give an attacker the ability to execute arbitrary JavaScript code on a machine through a browser.
High-Tech Bridge, a Swiss security firm, published an advisory about the vulnerability on Thursday, along with proof-of-concept code to demonstrate the exploit.
"The vulnerability exists due to failure in the "/_layouts/help.aspx" script to properly sanitize user-supplied input in "cid0" variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data," the company said in its advisory.
Microsoft's Security Response Center said it is working on mitigations, workarounds and a fix for the vulnerability.
Recommended Reads
Commenting on this Article is closed.
Today's Most Popular
- Attackers Using Fake Google Analytics Code to Redirect Users to Black Hole Exploit Kit
- Google Releases Beta of Chrome for Android
- Flash With Sandbox in the Works for Firefox
- DDoS Attacks Take on Political Motivations as Attackers Evolve
- Anonymous Leaks FBI, Scotland Yard Phone Call Detailing Hacking Investigations
Most Commented Stories
-
Mac OS X Sandbox Security Hole Uncovered (5)
-
Anonymous Leaks FBI, Scotland Yard Phone Call Detailing Hacking Investigations (5)
-
Privacy Fail: Is Uncle Sam Encouraging Bad Security? (8)
-
Flash With Sandbox in the Works for Firefox (4)
-
Attackers Using Fake Google Analytics Code to Redirect Users to Black Hole Exploit Kit (3)
Newsletter Sign-up
Take Our Poll
Follow Threatpost
 |  |  |  |
| Tumblr |
