Microsoft Security Bulletin MS05-006
Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981)

Issued: February 8, 2005
Version: 1.0

Who should read this document: Customers who use Microsoft Windows SharePoint Services or SharePoint Team Services from Microsoft

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Moderate

Recommendation: Customers should consider applying the security update.

Security Update Replacement: None

Caveats: None

Tested Software and Security Update Download Locations:

Affected Software:
• Windows SharePoint Services for Windows Server 2003 - Download the update (KB887981)
• SharePoint Team Services from Microsoft - Download the update (KB890829) - Download the full-file update (KB890829)

Non-Affected Software:
• Microsoft Windows Server 2003 for Itanium-based Systems
• SharePoint Portal Server 2003 (all versions)
• SharePoint Portal Server 2001 (all versions)

SharePoint Team Services Users: Office XP Service Pack 2 for Office XP Web Components and Office XP Service Pack 3 for SharePoint Team Services are both vulnerable to this issue. However, the security update for Office XP Service Pack 2 for Office XP Web Components is provided only as part of the Office XP full-file security update. For more information, see the "Security Update Information" section.

The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site.

Executive Summary:

This update resolves a newly-discovered, privately-reported vulnerability. A cross-site scripting and spoofing vulnerability exists in the affected software that could allow an attacker to convince a user to run a malicious script. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.

An attacker who successfully exploited the vulnerability could modify Web browser caches and intermediate proxy server caches. Additionally, they could put spoofed content into those caches. An attacker may also be able to exploit the vulnerability to perform cross-site scripting attacks.

We recommend that customers consider applying the security update.