Analysis: Remote exploitation of a cross-site scripting (XSS) vulnerability in Microsoft Corp.'s SharePoint Portal Server 2001 allows for the theft of user credentials.
Microsoft SharePoint Portal Server is an enterprise application that gives users the ability to create web portals with integrated document management services. The problem specifically exists in the way that the server sanitizes user-supplied data. Information such as cookies and website history is susceptible to being viewed by a remote entity.
Exploitation of this vulnerability requires a user to be socially engineered into following a malicious link. Once this is accomplished, an attacker can acquire cookie information, credentials and system information of the user.
Detection: Microsoft SharePoint Portal Server 2001 SP1/SP2/SP2A are vulnerable.
Exploit: iDEFENSE is currently unaware of any publicly available exploit code for this issue; however, the issue is trivially exploitable.
Vendor Fix: Microsoft has provided a fix for this vulnerability in the form of a service pack that is available at the link shown.
SharePoint Portal Server 2001 SP3: http://support.microsoft.com/?kbid=837017
iDefense provides security intelligence to governments and Fortune 1000 organizations, and provides this daily threat alert to eWEEK.com.