CVE-2010-3324
Last modified
CVE-2010-3324 is a vulnerability of currently unknown severity. The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.. EPSS estimates a 25.02% chance of exploitation in the next 30 days.
Description
The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Groove Server | 2010 | — |
| Microsoft | Internet Explorer | 8 | — |
| Microsoft | Sharepoint Foundation | 2010 | — |
| Microsoft | Sharepoint Server | 2007 | Sp2 |
| Microsoft | Sharepoint Services | 3.0 | Sp2 |
| Microsoft | Web Apps | All versions | — |
References
- http://www.us-cert.gov/cas/techalerts/TA10-285A.htmlUS Government Resource
- http://www.us-cert.gov/cas/techalerts/TA10-285A.htmlUS Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2010-3324?
How severe is CVE-2010-3324?
How do I fix CVE-2010-3324?
Are you affected by CVE-2010-3324?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST