Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft FAST Search Server 2010 vulnerabilities could allow remote code execution


Report ID: MS201302005
Date Published: 22 February 2013

Criticality: Important
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Microsoft FAST Search Server 2010 for SharePoint




Summary

Two vulnerabilities in Microsoft FAST Search Server 2010 for SharePoint, involving Oracle Outside In libraries, could be exploited into allowing an attacker to execute code on an affected system.



Detailed Description

Microsoft has released a security update to address two vulnerabilities in Microsoft Search Server 2010 for SharePoint. The vulnerabilities involved the Oracle Outside In libraries, and existed when parsing specially crafted files. Upon successful exploitation, an attacker could execute arbitrary code on the affected system. 

The latest update fixes these issues by updating the Oracle Outside In libraries to a non-vulnerable version. Users are recommended to install the update onto their system as a protection against potential exploit attempt.



CVE Reference

CVE-2013-3214, CVE-2013-3217



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-013)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.