The host is installed with Microsoft Office Web Apps 2010, Microsoft SharePoint Foundation 2010 Service Pack 1, Microsoft Windows SharePoint Services 3.0 Service Pack 2, Microsoft Groove Server 2010 Service Pack 1, Microsoft SharePoint Server 2010 Service Pack 1, Microsoft SharePoint Server 2007 Service Pack 3, or Service Pack 2, Microsoft Lync 2010 Attendee, Microsoft Lync 2010, Microsoft InfoPath 2010 Service Pack 1, Microsoft InfoPath 2007 Service Pack 2 or Service Pack 3 and is prone to elevation of privilege vulnerability. A flaw is present in the applications, which fail to properly validate the HTML strings. Successful exploitation allows attackers to perform cross-site scripting attacks and run script in the security context of the logged-on user.