Vulnerability Description
The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Groove Server | 2010 |
| Microsoft | Internet Explorer | 8 |
| Microsoft | Sharepoint Foundation | 2010 |
| Microsoft | Sharepoint Server | 2007 |
| Microsoft | Sharepoint Services | 3.0 |
| Microsoft | Web Apps | All versions |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0179.htmlExploit
- http://support.avaya.com/css/P8/documents/100113324
- http://www.us-cert.gov/cas/techalerts/TA10-285A.htmlUS Government Resource
- http://www.wooyun.org/bug.php?action=view&id=189Exploit
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-07
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-07
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0179.htmlExploit
- http://support.avaya.com/css/P8/documents/100113324
- http://www.us-cert.gov/cas/techalerts/TA10-285A.htmlUS Government Resource
- http://www.wooyun.org/bug.php?action=view&id=189Exploit
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-07
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-07
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2010-3324?
CVE-2010-3324 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, G...
How severe is CVE-2010-3324?
CVE-2010-3324 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3324?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Groove Server, Microsoft Internet Explorer, Microsoft Sharepoint Foundation, Microsoft Sharepoint Server, Microsoft Sharepoint Services.