CVE-2010-3324: XSS
First published: Fri Sep 17 2010(Updated: )
The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft SharePoint Services | =3.0-sp2 | |
| Microsoft Groove Management Server | =2010 | |
| Internet Explorer | =8 | |
| Microsoft SharePoint Server 2010 | =2007-sp2 | |
| Microsoft SharePoint Foundation 2013 | =2010 | |
| Microsoft Web Apps |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0179.html
- http://www.wooyun.org/bug.php?action=view&id=189
- http://support.avaya.com/css/P8/documents/100113324
- http://www.us-cert.gov/cas/techalerts/TA10-285A.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7297
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-072
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071
Frequently Asked Questions
What is the severity of CVE-2010-3324?
CVE-2010-3324 has a critical severity due to its potential for remote code execution through cross-site scripting attacks.
How do I fix CVE-2010-3324?
To fix CVE-2010-3324, ensure that you apply the latest security updates and patches provided by Microsoft for the affected software.
Which software is affected by CVE-2010-3324?
CVE-2010-3324 affects Microsoft Internet Explorer 8, SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps.
What are the potential impacts of CVE-2010-3324?
The potential impacts of CVE-2010-3324 include unauthorized access to sensitive data and user accounts through successful cross-site scripting exploitation.
Is CVE-2010-3324 exploit available in the wild?
Yes, there have been reports of exploit attempts in the wild targeting CVE-2010-3324.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft sharepoint services
- version/microsoft sharepoint services/3.0-sp2
- canonical/microsoft groove management server
- version/microsoft groove management server/2010
- canonical/internet explorer
- version/internet explorer/8
- canonical/microsoft sharepoint server 2010
- version/microsoft sharepoint server 2010/2007-sp2
- canonical/microsoft sharepoint foundation 2013
- version/microsoft sharepoint foundation 2013/2010
- canonical/microsoft web apps