Microsoft SharePoint Server 2010 / Foundation 2010 Multiple Vulnerabilities
Last Update Date:
13 Mar 2013 15:19
Release Date:
13 Mar 2013
4013
Views
RISK: Medium Risk
TYPE: Servers - Web Servers
- Callback Function Vulnerability
An elevation of privilege exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could allow an attacker, after obtaining sensitive system data, elevate their access to the server.
- SharePoint XSS Vulnerability
An elevation of privilege exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could potentially issue SharePoint commands in the context of an administrative user on the site.
- SharePoint Directory Traversal Vulnerability
An elevation of privilege exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could allow an attacker, after obtaining sensitive system data, elevate their access to the server.
- Buffer Overflow Vulnerability
A denial of service vulnerability exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could cause the W3WP process on an affected version of SharePoint Server to terminate, causing the SharePoint site, and any other sites running under that process, to become unavailable until the process is restarted.
Impact
- Cross-Site Scripting
- Denial of Service
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Microsoft SharePoint Foundation 2010
- Microsoft SharePoint Server 2010
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Download location for patches:
http://technet.microsoft.com/en-us/security/bulletin/ms13-024
Vulnerability Identifier
Source
Related Link
Share with