Microsoft SharePoint Server vulnerabilities could allow remote code execution
Report ID: MS201310005
Date Published: 9 October 2013
Compromise Type: remote-code-execution privilege-escalation
Compromise From: remote
Microsoft Windows SharePoint Services 3.0
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Server 2013
Word Automation Services
Microsoft Web Applications 2010
Microsoft Excel Web App 2010
Two vulnerabilities were reported found in the Microsoft SharePoint Server, one of which could lead to remote code execution and the other could lead to escalation of privilege.
Microsoft has released a security update for Microsoft SharePoint Server to address two reported vulnerabilities that could lead to remote code execution and escalation of privilege. The causes of the vulnerabilities were improper handling of objects in memory when parsing Office files, and improper protection against clickjacking in a SharePoint page.
The issues have been resolved through the latest update by correcting the way of validating data when parsing Office files, and by changing the configuration of a SharePoint page to protect against clickjacking attacks. Users are recommended to install the update to their system as a protection measure against possible exploit attempts.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-084)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.