| TSL ID | TSL20120214-03 |
| CVE ID(s) | CVE-2012-0017 |
| Severity | High |
| Description | A cross-site scripting vulnerability has been discovered in Microsoft SharePoint. The vulnerability is due to insufficient validation of parameters passed to inplnview.aspx and could lead to execution of malicious script code inside the browser of the target user. A remote attacker can exploit this vulnerability by enticing a user to follow a URL containing script code in the List parameter. Successful exploitation will result in the attacker-controlled script code being executed in the Microsoft Excel process of the target user. Script execution may lead to disclosure of sensitive information such as authentication cookies, which can then be used to impersonate the target user, or to direct execution of SharePoint Foundation commands with the privileges of the target user. Microsoft has published an advisory and patches to address this vulnerability: http://technet.microsoft.com/en-us/security/bulletin/ms12-011 |
| Affected Products | |
| CVSS Score | Base 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) |
| Identifiers | |
| Related Threats | |