MS12-011 : Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841)

medium Nessus Plugin ID 57945

Synopsis

The remote host is affected by multiple privilege escalation and information disclosure vulnerabilities.

Description

The version of SharePoint Foundation or SharePoint Server installed on the remote host has multiple privilege escalation and information disclosure vulnerabilities.

A remote attacker could exploit them by tricking a user into making a malicious request, resulting in arbitrary script code execution.

Solution

Microsoft has released a set of patches for SharePoint Server 2010 and SharePoint Foundation 2010.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-011

Plugin Details

Severity: Medium

ID: 57945

File Name: smb_nt_ms12-011.nasl

Version: 1.13

Type: local

Agent: windows

Published: 2/14/2012

Updated: 1/10/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:sharepoint_server, cpe:/a:microsoft:sharepoint_foundation

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 2/14/2012

Vulnerability Publication Date: 2/14/2012

Reference Information

CVE: CVE-2012-0017, CVE-2012-0144, CVE-2012-0145

BID: 51928, 51934, 51937

MSFT: MS12-011

MSKB: 2553413, 2597124