Reported February 8, 2005 by Microsoft

VERSIONS AFFECTED

  • Windows SharePoint Services for Windows Server 2003
  • SharePoint Team Services from Microsoft

Non-Affected Software:

  • Windows Server 2003 for Itanium-based systems
  • SharePoint Portal Server 2003 (all versions)
  • SharePoint Portal Server 2001 (all versions)

DESCRIPTION

The cross-site scripting vulnerability could allow an intruder to execute code in the security context of the currently logged on user.

A spoofing attack could take place because input provided to HTML redirection queries is not adequately validated before the input is sent to a user's Web browser.

VENDOR RESPONSE

Microsoft has released Security Bulletin MS05-006, "Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981)," and a patch to correct the problem.