Microsoft SharePoint vulnerabilities could allow escalation of privilege
Report ID: MS201303004
Date Published: 13 March 2013
Criticality: Critical
Compromise Type: privilege-escalation
Compromise From: remote
Affected Product/Component:
Microsoft SharePoint Server 2010
Microsoft SharePoint Foundation 2010
Summary
Four vulnerabilities in Microsoft SharePoint Server could be exploited by an attacker to gain escalated privileges on the server.
Detailed Description
Microsoft has released a security update for Microsoft SharePoint Server following the discovery of four vulnerabilities caused by improper validation of user input and improper handling of malicious JavaScript elements. An attacker who successfully exploited the vulnerabilities could obtain sensitive system data, elevate their access to the server, issue commands in the context of the administrative user, and cause the SharePoint site to become unavailable.
The update fixes these issues by correcting the way that SharePoint Server validates user input and URLs. Users are advised to install the latest update on their systems as a protective measure against possible exploit attempts.
CVE Reference
CVE-2013-0080, CVE-2013-0083, CVE-2013-0084, CVE-2013-0085
Solution
Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms13-024
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.




