

| No. | Title | Date |
|---|---|---|
| 40 | Microsoft Security Advisory (983438) released. | 04/30/10 |

1. Summary
The vulnerability possibly exists in Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007. It could allow an attacker to run arbitrary script, which could result in elevation of privilege within the SharePoint site, as opposed to elevation of privilege within the workstation or server environment.
2. Affected Software
- Microsoft Office SharePoint Server 2007 SP1, SP2 (32-bit editions)
- Microsoft Office SharePoint Server 2007 SP1, SP2 (64-bit editions)
- Microsoft Windows SharePoint Services 3.0 SP1, SP2 (32-bit editions)
- Microsoft Windows SharePoint Services 3.0 SP1, SP2 (64-bit editions)
3. Solution
Currently, a security update for this vulnerability has not been released.
As a temporary workaround, users can block access to SharePoint's Help.aspx.
Execute the following commands from a CMD prompt:
__________________________________________________________________________________
cacls "%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx" /E /P everyone:N
cacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx" /E /P everyone:N
__________________________________________________________________________________
Recovery:
__________________________________________________________________________________
takeown /f "%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx"
takeown /f "%ProgramFiles(x86)%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx"
cacls "%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx" /E /R everyone
cacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx" /E /R everyone
__________________________________________________________________________________
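To confirm which state a server is in after running the commands above, the following PowerShell check reports whether a deny entry for Everyone is present on Help.aspx in each install location. It is an added example, not part of the advisory; the function name `Get-HelpAspxState` and the state labels are hypothetical, and it assumes the `everyone:N` entry set by `cacls` appears as a Deny rule for the well-known Everyone SID (S-1-1-0).

```powershell
# Added example (not from the advisory): report whether the Help.aspx
# workaround is in place under each Program Files root.
$relative = 'Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx'
$readBit  = [int][System.Security.AccessControl.FileSystemRights]::Read

function Get-HelpAspxState {   # hypothetical helper name
    param([string]$Path)

    if (-not (Test-Path -Path $Path)) { return 'NotPresent' }

    try {
        $acl = Get-Acl -Path $Path -ErrorAction Stop
    } catch {
        # The ACL itself could not be read; report that instead of guessing.
        return 'AclUnreadable'
    }

    # Ask for SIDs rather than account names so the check is locale-independent.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $isEveryone = $rule.IdentityReference.Value -eq 'S-1-1-0'   # assumed: Everyone
        $isDeny     = $rule.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Deny
        $coversRead = ([int]$rule.FileSystemRights -band $readBit) -ne 0
        if ($isEveryone -and $isDeny -and $coversRead) { return 'Blocked' }
    }
    return 'NotBlocked'
}

# ProgramFiles(x86) is only defined on 64-bit Windows; skip it when absent.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

foreach ($root in $roots) {
    $path = Join-Path $root $relative
    '{0}: {1}' -f (Get-HelpAspxState -Path $path), $path
}
```

`Blocked` is the expected result after the workaround and `NotBlocked` after the recovery commands; `AclUnreadable` means the account running the check could not read the file's permissions.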
4. Link
http://www.microsoft.com/technet/security/advisory/983438.mspx
