Issues the date: 2007-05-04

Renewal date: 2007-10-10

Is affected the system:

Microsoft Windows SharePoint Services 3.0

Microsoft Office SharePoint Server 2007

Description:

--------------------------------------------------------------------------------

BUGTRAQ ID: 23832

CVE(CAN) ID: CVE-2007-2581

SharePoint Server is a server function integration suite, provides the comprehensive content management and the enterprise searches, accelerates to share the operation flow and to simplify the cross boundary information sharing.

Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server in 2007 has a cross station script to carry out the crack, the malicious server possibly uses this crack to collect the client side system's useful information.

Is opposite with in the workstation or the server environment's jurisdiction promotion, this crack possibly allows the aggressor to move may cause in the SharePoint stand the jurisdiction promotion random script. This crack also possibly allows the aggressor to move the random script to revise the user the buffer, thus causes on the workstation the information revelation. However, must use this crack, needs to carry on the user to be interactive.

<* origin: Solarius (ville.solarius@gmail.com)

Link: http://secunia.com/advisories/27148/

http://marc.info/?l=bugtraq&m=117838004815166&w=2

http://www.us-cert.gov/cas/techalerts/TA07-282A.html

http://www.microsoft.com/technet/security/Bulletin/MS07-059.mspx?pf=true

*>

Suggested:

--------------------------------------------------------------------------------

Manufacturer patch:

Microsoft

---------

Microsoft had already issued a safe announcement for this reason (MS07-059) as well as the corresponding patch:

MS07-059:Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017)

Link: http://www.microsoft.com/technet/security/Bulletin/MS07-059.mspx?pf=true