Microsoft SharePoint Multiple Vulnerabilities
Release Date: 2014-05-13
Criticality level: Moderately critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Microsoft Office SharePoint Designer 2007
Microsoft Office Web Apps
Microsoft SharePoint Designer 2010
Microsoft SharePoint Designer 2013
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
SharePoint Server 2013 Client Components SDK
Some vulnerabilities have been reported in Microsoft SharePoint, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks.
1) Some errors due to improper sanitisation of page content within Microsoft SharePoint Server can be exploited to execute arbitrary code with the privileges of the W3WP service account by sending a specially crafted page to an affected SharePoint server.
Successful exploitation of this vulnerability allows execution of arbitrary code.
2) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
3) An error due to improper sanitisation of page content within Microsoft Web Applications can be exploited to execute arbitrary code with the privileges of the W3WP service account by sending a specially crafted page to an affected SharePoint server.
Provided and/or discovered by:
Reported by the vendor.
Microsoft (KB2952166, KB2837616, KB2596902, KB2596763, KB2837588, KB2837598, KB2863856, KB2863863, KB2863829, KB2863922, KB2760236, KB2880536, KB2880453, KB2863854, KB2596861, KB2596810, KB2810069, KB2752096, KB2863836):