funsec mailing list archives

Re: No fix for MS SharePoint vuln today

From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Wed, 12 Sep 2007 11:20:01 +0300 (EEST)

It has been reported that this vulnerability mentioned is public since May '07.

However, the vulnerability dropped by Microsoft is a different issue, "an elevation-of-privilege flaw", from May too, 
according to
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9035138&intsrc=news_ts_head

I can't find it on CVE.

- Juha-Matti

Juha-Matti Laurio <juha-matti.laurio () netti fi> wrote:

If some of the readers are not aware of this updated notification
http://www.microsoft.com/technet/security/bulletin/ms07-sep.mspx

there is no fix for Microsoft SharePoint Server vulnerability coming as part of Black Tuesday of September.

It appears that the vulnerability is CVE-2007-2581:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2581


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

No fix for MS SharePoint vuln today Juha-Matti Laurio (Sep 11)
- <Possible follow-ups>
- Re: No fix for MS SharePoint vuln today Juha-Matti Laurio (Sep 12)