Microsoft SharePoint Server and Groove server contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when the application does not properly sanitise HTML code using SafeHTML. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed

Microsoft has released a patch to address this vulnerability.

• Related OSVDB ID:
• CVE ID: 2010-3243 (see also: NVD)
• Microsoft Knowledge Base Article: 2345212 2345304 2345322 2346298 2346411 2412048
• Secunia Advisory ID: 41746
• OVAL ID: 7637
• News Article: http://news.cnet.com/8301-27080_3-20019353-245.html
  http://www.scmagazineus.com/ie-office-windows-get-patches-in-latest-microsoft-update/article/180903/
  http://www.theregister.co.uk/2010/10/12/microsoft_october_2010_patch_tuesday/
• Vendor Specific News/Changelog Entry: http://support.avaya.com/css/P8/documents/100113324
• Microsoft Security Bulletin: MS10-072
• CERT: TA10-285A

• Sirdarckcat - Google Inc.
• Mario Heiderich