فا

‫ Microsoft SharePoint Server Two Vulnerabilities

IRCAD2013102928
ID: IRCAD2013102928
Release Date: 2013-10-08
Criticality level: Highly critical
 
Software:
Microsoft Office Web Apps
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
 
Description:
Two vulnerabilities have been reported in Microsoft SharePoint Server, which can be exploited by malicious people to conduct clickjacking attacks and compromise a user's system.
1) An error can be exploited to cause a memory corruption.
2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain unspecified actions by tricking a user into e.g. clicking a specially crafted link via clickjacking.
 
Solution
Apply updates.
 
Microsoft SharePoint Server 2007 Service Pack 3
Microsoft SharePoint Server 2010 Service Pack 1
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2007 Service Pack 3
Microsoft SharePoint Server 2010 Service Pack 1
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoint Server 2013
Microsoft Office Web Apps 2010
 
 
 
References:
Microsoft (KB2885089, KB2596741, KB2589365, KB2827222, KB2760561, KB2827327, KB2826029, KB2826022, KB2752002, KB2826036, KB2826030, KB2826028):
 
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 17 مهر 1392

امتیاز

امتیاز شما
تعداد امتیازها:0