Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft SharePoint vulnerabilities could allow escalation of privilege


Report ID: MS201303004
Date Published: 13 March 2013

Criticality: Critical
Compromise Type: privilege-escalation
Compromise From: remote


Affected Product/Component:

Microsoft SharePoint Server 2010
Microsoft SharePoint Foundation 2010




Summary

Four vulnerabilities in Microsoft SharePoint Server could be exploited by an attacker in order to gain escalated privilege on the server.



Detailed Description

Microsoft has released a security update for Microsoft SharePoint Server following the discovery of four vulnerabilities that were caused by improper validation of user input and improper handling of malicious JavaScript elements. An attacker who successfully exploited the vulnerabilities could be able to obtain sensitive system data and elevate his access to the server, issue commands in the context of the administrative user, and cause the SharePoint site to become unavailable.

These issues have been fixed in the update by making correction on the way that SharePoint Server validates user input and URLs. Users are recommended to install the latest update onto their system as a protection measure against possible exploit attempts.



CVE Reference

CVE-2013-0080, CVE-2013-0083, CVE-2013-0084, CVE-2013-0085



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-024)



Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.