Oval Definition:oval:org.mitre.oval:def:12885
Revision Date:2013-11-11Version:5
Title:HTML Sanitization Vulnerability
Description:Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2011-1252
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Groove Server 2010
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Microsoft Windows SharePoint Services 3.0
Definition Synopsis
  • Vulnerable Microsoft Office SharePoint Server 2007 (coreserver)
  • Microsoft Office SharePoint Server 2007 is installed.
  • AND the version of Osafehtm.dll is less than 12.0.6555.5000
  • Vulnerable Microsoft Office SharePoint Server 2007 (oserver/sserverx)
  • Microsoft Office SharePoint Server 2007 is installed.
  • AND affected file
  • Pidval.exe version is less than 12.0.6562.5000
  • OR PidValidator.exe version is less than 12.0.6562.5000
  • Vulnerable Microsoft Office SharePoint Server 2007 (dlc)
  • Microsoft Office SharePoint Server 2007 is installed.
  • AND Microsoft.office.policy.dll version is less than 12.0.6562.5000
  • Vulnerable Microsoft Office SharePoint Server 2010 (osrchwfe)
  • Microsoft Office SharePoint Server 2010 is installed.
  • AND Microsoft.SharePoint.Taxonomy.dll version is less than 14.0.6106.5001
  • Vulnerable Microsoft Office SharePoint Server 2010 (osrv/wosrv)
  • Microsoft Office SharePoint Server 2010 is installed.
  • AND Microsoft.office.server.dll version is less than 14.0.6106.5001
  • Vulnerable Microsoft Office SharePoint Server 2010 (ppsmawfe)
  • Microsoft Office SharePoint Server 2010 is installed.
  • AND Eawfap.dll version is less than 14.0.6106.5001
  • Vulnerable Microsoft Office SharePoint Server 2010 (dlc)
  • Microsoft Office SharePoint Server 2010 is installed.
  • AND Microsoft.office.policy.dll version is less than 14.0.6106.5001
  • Vulnerable Microsoft Office SharePoint Server 2010 (ppsmamui)
  • Microsoft Office SharePoint Server 2010 is installed.
  • AND Microsoft.SharePoint.Client.dll version is less than 14.0.6106.5001
  • OR Microsoft Groove Server 2010
  • Microsoft Groove Server 2010 is installed
  • AND Groove.management.server.dll version is less than 14.0.6106.5000
  • Vulnerable Microsoft Windows SharePoint Services 3.0
  • Microsoft Windows SharePoint Services 3.0 are installed
  • AND the version of Onetutil.dll is less than 12.0.6565.5001
  • Vulnerable Microsoft SharePoint Foundation 2010
  • Microsoft SharePoint Foundation 2010 is installed
  • AND OWSSVR.DLL version is less than 14.0.6106.5008
    • BACK