Oval Definition:oval:org.mitre.oval:def:16599
Revision Date:2014-12-08Version:20
Title:Vulnerability in HTML sanitization component could allow elevation of privilege - MS13-035
Description:Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2013-1289
Platform(s):Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft InfoPath 2010
Microsoft Office Web Apps 2010
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Server 2010
Definition Synopsis
  • groove server/versions
  • Check if the version of groovers.dll is less than 14.0.6126.5000
  • AND Microsoft Groove Server 2010 Service Pack 1 is installed
  • OR sharepoint server 2010/version
  • Check if the version of Microsoft.office.server.dll is less than 14.0.6128.5000
  • AND Microsoft SharePoint Server 2010 Service Pack 1 is installed
  • OR office web apps 2010/version
  • Check if the version of Msoserver.dll is less than 14.0.6134.5000
  • AND Microsoft Office Web Apps 2010 Service Pack 1 is installed
  • OR sharepoint foundation 2010/version
  • Check if the version of Onfda.dll is less than 14.0.6137.5000
  • AND Microsoft SharePoint Foundation 2010 Service Pack 1 is installed
  • OR office infopath 2010/version (KB2687422)
  • Check if the version of infopath.exe is less than 14.0.6134.5004
  • AND Microsoft InfoPath 2010 SP1 is installed
  • OR Ipeditor.dll shared component of Microsoft Office (KB2760406)
  • Check if the version of Ipeditor.dll is less than 14.0.6134.5004
    • BACK