Windows : Microsoft Bulletins : Microsoft SharePoint Foundation Remote Code Execution vulnerability (2834052)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.903323

Categoría: Windows : Microsoft Bulletins

Título: Microsoft SharePoint Foundation Remote Code Execution vulnerability (2834052)

Resumen: This host is missing an important security update according to Microsoft;Bulletin MS13-067.

Descripción: Summary:
This host is missing an important security update according to Microsoft
Bulletin MS13-067.

Vulnerability Insight:
Multiple flaws are due to:

- An error when handling an unassigned workflow can be exploited to cause the
W3WP process to stop responding via a specially crafted URL.

- An error related to MAC exists when handling unassigned workflows.

- Input passed via the 'ms-descriptionText > ctl00_PlaceHolderDialogBodySection
_PlaceHolderDialogBodyMainSection_ValSummary' parameter related to metadata
storage assignment of the BDC permission management within the 'Sharepoint
Online Cloud 2013 Service' section is not properly sanitised before being used.

- Certain unspecified input is not properly sanitised before being returned to
the user.

- Multiple unspecified errors.

Vulnerability Impact:
Successful exploitation will allow attackers to conduct script insertion
attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.

Affected Software/OS:
- Microsoft SharePoint Foundation 2013

- Microsoft SharePoint Server 2010 Service Pack 2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-1330
Cert/CC Advisory: TA13-253A
http://www.us-cert.gov/ncas/alerts/TA13-253A
Microsoft Security Bulletin: MS13-067
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067
Microsoft Security Bulletin: MS13-105
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-105
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19040
Common Vulnerability Exposure (CVE) ID: CVE-2013-3179
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18750
Common Vulnerability Exposure (CVE) ID: CVE-2013-3180
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19136
Common Vulnerability Exposure (CVE) ID: CVE-2013-0081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19036

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.903323
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft SharePoint Foundation Remote Code Execution vulnerability (2834052)
Resumen:	This host is missing an important security update according to Microsoft;Bulletin MS13-067.
Descripción:	Summary: This host is missing an important security update according to Microsoft Bulletin MS13-067. Vulnerability Insight: Multiple flaws are due to: - An error when handling an unassigned workflow can be exploited to cause the W3WP process to stop responding via a specially crafted URL. - An error related to MAC exists when handling unassigned workflows. - Input passed via the 'ms-descriptionText > ctl00_PlaceHolderDialogBodySection _PlaceHolderDialogBodyMainSection_ValSummary' parameter related to metadata storage assignment of the BDC permission management within the 'Sharepoint Online Cloud 2013 Service' section is not properly sanitised before being used. - Certain unspecified input is not properly sanitised before being returned to the user. - Multiple unspecified errors. Vulnerability Impact: Successful exploitation will allow attackers to conduct script insertion attacks, cause a DoS (Denial of Service), and compromise a vulnerable system. Affected Software/OS: - Microsoft SharePoint Foundation 2013 - Microsoft SharePoint Server 2010 Service Pack 2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1330 Cert/CC Advisory: TA13-253A http://www.us-cert.gov/ncas/alerts/TA13-253A Microsoft Security Bulletin: MS13-067 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 Microsoft Security Bulletin: MS13-105 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-105 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19040 Common Vulnerability Exposure (CVE) ID: CVE-2013-3179 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18750 Common Vulnerability Exposure (CVE) ID: CVE-2013-3180 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19136 Common Vulnerability Exposure (CVE) ID: CVE-2013-0081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19036
Copyright	Copyright (C) 2013 Greenbone AG