Oval Definition:oval:org.mitre.oval:def:6677
Revision Date:2014-08-18Version:68
Title:toStaticHTML Information Disclosure Vulnerability
Description:Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2010-1257
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Internet Explorer 8
Microsoft Office InfoPath 2003
Microsoft Office InfoPath 2007
Microsoft Office SharePoint Server 2007
Microsoft Windows SharePoint Services 3.0
Definition Synopsis
  • Internet Explorer 8 on XP x86/x64, Server 2003 x86/x64/ia64 - GDR
  • Windows XP, Server 2003
  • Microsoft Windows XP (32-bit) is installed
  • OR Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • AND Microsoft Internet Explorer 8 is installed
  • AND Mshtml.dll version is less than 8.0.6001.18928
  • OR Internet Explorer 8 on XP x86/x64, Server 2003 x86/x64/ia64 - LDR
  • Windows XP, Server 2003
  • Microsoft Windows XP (32-bit) is installed
  • OR Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • AND Microsoft Internet Explorer 8 is installed
  • AND Mshtml.dll version is greater than 8.0.6001.22000
  • AND Mshtml.dll version is less than 8.0.6001.23019
  • OR Internet Explorer 8 on all Vista x86/x64, all Server 2008 x86/x64 - GDR
  • Vista x86/x64, all Server 2008 x86/x64
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • AND Microsoft Internet Explorer 8 is installed
  • AND Mshtml.dll version is less than 8.0.6001.18928
  • OR Internet Explorer 8 on all Vista x86/x64, all Server 2008 x86/x64 - LDR
  • Windows Vista, Server 2008
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • AND Microsoft Internet Explorer 8 is installed
  • AND Mshtml.dll version is greater than 8.0.6001.22000
  • AND Mshtml.dll version is less than 8.0.6001.23019
  • OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 - GDR
  • Windows 7, Server 2008 R2
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND Microsoft Internet Explorer 8 is installed
  • AND Mshtml.dll version is less than 8.0.7600.16588
  • OR Internet Explorer 8 on Windows 7 x86/x64, Server 2008 R2 x64/ia64 - LDR
  • Windows 7, Server 2008 R2
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND Microsoft Internet Explorer 8 is installed
  • AND Mshtml.dll version is greater than or equal 8.0.7600.20000
  • AND Mshtml.dll version is less than 8.0.7600.20708
  • Vulnerable Microsoft Office InfoPath 2003
  • Microsoft InfoPath 2003 is installed
  • AND the version of Infopath.exe is less than 11.0.8233.0
  • Vulnerable Microsoft Office InfoPath 2007
  • Microsoft InfoPath 2007 is installed
  • AND infopath.exe version is less than 12.0.6529.5000
  • Vulnerable Microsoft Office SharePoint Server 2007
  • Microsoft Office SharePoint Server 2007 is installed.
  • AND Osafehtm.dll or Onetutil.dll
  • the version of Osafehtm.dll is less than 12.0.6524.5003
  • OR the version of Onetutil.dll is less than 12.0.6524.5003
  • Vulnerable Microsoft Windows SharePoint Services 3.0
  • Windows Server 2003 32-bit or Windows Server 2003 64-bit
  • Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • AND Microsoft Windows SharePoint Services 3.0 are installed
  • AND the version of Onetutil.dll is less than 12.0.6535.5003
    • BACK