

Vulnerability protection

Microsoft SharePoint Server vulnerabilities could allow remote code execution


Report ID: MS201310005
Date Published: 9 October 2013

Criticality: Important
Compromise Type: remote-code-execution privilege-escalation
Compromise From: remote


Affected Product/Component:

Microsoft Windows SharePoint Services 3.0
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Server 2013
Excel Services
Word Automation Services
Microsoft Web Applications 2010
Microsoft Excel Web App 2010




Summary

Two vulnerabilities have been reported in Microsoft SharePoint Server: one could lead to remote code execution and the other to escalation of privilege.



Detailed Description

Microsoft has released a security update for Microsoft SharePoint Server to address two reported vulnerabilities that could lead to remote code execution and escalation of privilege. The causes of the vulnerabilities were improper handling of objects in memory when parsing Office files, and improper protection against clickjacking in a SharePoint page.

The update resolves the issues by correcting how data is validated when parsing Office files, and by changing the configuration of a SharePoint page to protect against clickjacking attacks. Users are advised to install the update as a protective measure against possible exploit attempts.
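The following is an added example, not code from the advisory or from Microsoft, showing how a defender could check whether web responses carry anti-framing (clickjacking) protection. The advisory does not say which mechanism the update uses; the example assumes the two standard response headers, X-Frame-Options and the Content-Security-Policy frame-ancestors directive, and the paths and header values are constructed.

```python
# Added example (not from the advisory): classify a response's anti-framing policy.

def _frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP value, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            # A directive with no sources is treated as absent (conservative choice).
            return [p.lower() for p in parts[1:]] or None
    return None

def framing_policy(headers):
    """Return 'deny', 'sameorigin', 'allowlist' or 'unprotected' for one response."""
    h = {k.lower(): v for k, v in headers.items()}
    ancestors = _frame_ancestors(h.get("content-security-policy", ""))
    if ancestors is not None:
        # Browsers that support frame-ancestors enforce it in preference to X-Frame-Options.
        if ancestors == ["'none'"]:
            return "deny"
        if ancestors == ["'self'"]:
            return "sameorigin"
        if any(a in ("*", "http:", "https:") for a in ancestors):
            return "unprotected"  # any origin (or any https origin) may frame the page
        return "allowlist"
    xfo = h.get("x-frame-options", "").strip().lower()
    if xfo in ("deny", "sameorigin"):
        return xfo
    # Missing, malformed, or the obsolete ALLOW-FROM form that modern browsers ignore.
    return "unprotected"

def audit(responses):
    """Return the sorted paths whose responses can be framed by an arbitrary origin."""
    return sorted(p for p, hdrs in responses.items() if framing_policy(hdrs) == "unprotected")

# Constructed sample data: hypothetical paths and headers, not captured from a real server.
SAMPLE_RESPONSES = {
    "/sites/demo/a.aspx": {"X-Frame-Options": "SAMEORIGIN"},
    "/sites/demo/b.aspx": {"Content-Type": "text/html"},
    "/sites/demo/c.aspx": {"x-frame-options": "ALLOW-FROM https://partner.example"},
    "/sites/demo/d.aspx": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
                           "X-Frame-Options": "SAMEORIGIN"},
    "/sites/demo/e.aspx": {"Content-Security-Policy": "frame-ancestors https:",
                           "X-Frame-Options": "DENY"},
}

if __name__ == "__main__":
    for path in audit(SAMPLE_RESPONSES):
        print("frameable by any origin:", path)
```

Pages reported by `audit` after patching are candidates for a manual check of the server's framing configuration.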



CVE Reference

CVE-2013-3889, CVE-2013-3895



Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms13-084


