Microsoft SharePoint Multiple Vulnerabilities

ID: IRCAD2013092874
Release Date: 2013-09-11
Criticality level: Highly critical
Software:
Microsoft Office SharePoint Portal Server 2003
Microsoft Office SharePoint Server 2007
Microsoft Office Web Apps
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft Windows SharePoint Services 2.x
Microsoft Windows SharePoint Services 3.x
Description:
Multiple vulnerabilities have been reported in Microsoft SharePoint. Malicious users can exploit them to conduct script insertion attacks and compromise a vulnerable system; malicious people can exploit them to conduct cross-site scripting attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.
1) An error when handling an unassigned workflow can be exploited to cause the W3WP process to stop responding via a specially crafted URL.
2) An error when handling certain objects can be exploited to corrupt memory.
3) An error related to MAC exists when handling unassigned workflows.
Successful exploitation of vulnerabilities #2 and #3 allows execution of arbitrary code.
4) Input passed via the "ms-descriptionText > ctl00_PlaceHolderDialogBodySection_PlaceHolderDialogBodyMainSection_ValSummary" parameter related to metadata storage assignment of the BDC permission management within the "Sharepoint Online Cloud 2013 Service" section is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code.
5) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
6) Multiple unspecified errors can be exploited to cause memory corruption.
Solution:
Apply updates.
Microsoft SharePoint Server 2007 Service Pack 3
Microsoft SharePoint Server 2010 Service Pack 1
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Office Web Apps 2010
References:
MS13-067 (KB2553408, KB2760420, KB2760589, KB2760594, KB2760595, KB2760755, KB2810061, KB2810067, KB2810083, KB2817305, KB2817315, KB2817372, KB2817384, KB2817393, KB2834052):
Vulnerability Lab:
Secunia
 


 
Created: 21 Shahrivar 1392
