XSS Vulnerability in Microsoft Internet Explorer and SharePoint Products
CVE-2010-3324

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sharepoint Services; Groove Server; Internet Explorer; Sharepoint Server
Vendor: CVE Published:; 17 September 2010

Summary

A vulnerability exists in the toStaticHTML function of Microsoft Internet Explorer 8 and the SafeHTML function in multiple Microsoft SharePoint products. This flaw allows remote attackers to exploit the HTML sanitization process by crafting a malicious use of the CSS @import rule, circumventing the built-in XSS protection mechanisms. As a result, attackers may conduct XSS attacks, potentially compromising user data and system integrity.

References

http://www.wooyun.org/bug.php?action=view&id=189

x_refsource_MISC

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://archives.neohapsis.com/archives/fulldisclosure/201...

mailing-listx_refsource_FULLDISC

EPSS Score

44% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 17, 2010
Vulnerability Reserved
Sep 14, 2010