Reported February 8, 2005 by Microsoft
- Windows SharePoint Services for Windows Server 2003
- SharePoint Team Services from Microsoft
- Windows Server 2003 for Itanium-based systems
- SharePoint Portal Server 2003 (all versions)
- SharePoint Portal Server 2001 (all versions)
The cross-site scripting vulnerability could allow an intruder to execute code in the security context of the currently logged on user.
A spoofing attack could take place because input provided to HTML redirection queries is not adequately validated before the input is sent to a user's Web browser.
Microsoft has released
Security Bulletin MS05-006, "Vulnerability
in Windows SharePoint Services and SharePoint Team Services Could
Allow Cross-Site Scripting and Spoofing Attacks (887981),"
and a patch to correct the problem.