Important 2018-01 archive

Executive Summary

A cross-site-scripting (XSS) vulnerability exists when Microsoft Access does not properly sanitize inputs to image fields edited within Design view. An attacker could exploit the vulnerability by sending a specially crafted file to a victim, or by hosting the file on a web server. The attacker who successfully exploited the vulnerability could then run javascript in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on a remote site on behalf of the user, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that Microsoft Access properly sanitizes image field values.

Overview

Important
MS Severity
Not Exploited
MS Exploit Status
Exploitation Unlikely
MS Exploit Likelihood
Category Tampering
Released Jan 9 2018
Last Updated Jan 9 2018
Publicly Disclosed No
CISA KEV Not Listed
Known Exploits None Known

EPSS Score

No EPSS score available for this CVE.

View on FIRST.org

Affected Products

2 affected products
Product KB Article Severity Impact Restart Required
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 4011599 (Security Update) Important Tampering Maybe
Microsoft SharePoint Enterprise Server 2016 4011642 (Security Update) Important Tampering Maybe

Patches

2 patches
Article Type Restart
4011599 Security Update Maybe
4011642 Security Update Maybe

Known Exploits

Acknowledgments

Adrian Ivascu