| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS13-067 | Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052) | Microsoft SharePoint | Critical | 11-09-2013 |
Technical Information
Brief overview of the risk:
This security update resolves one publicly disclosed vulnerability and nine privately reported vulnerabilities in Microsoft Office Server software. The most severe vulnerability could allow remote code execution in the context of the W3WP service account if an attacker sends specially crafted content to the affected server.
Detailed Information on the risk:
A denial of service vulnerability exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could cause the W3WP process on an affected version of SharePoint Server to stop responding, causing the SharePoint site, and any other sites running under that process, to become unavailable until the process is restarted.
Further information on this exploit is available at : MS13-067
Affected Software
Microsoft SharePoint Portal Server 2003 Service Pack 3Microsoft SharePoint Server 2007 Service Pack 3
Microsoft SharePoint Server 2007 Service Pack 3 (32-bit editions)
Microsoft SharePoint Server 2007 Service Pack 3 (64-bit editions)
Microsoft SharePoint Server 2010 Service Pack 1
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoint Server 2013
Microsoft Office Services and Web Apps
Microsoft SharePoint Server 2007 Service Pack 3 (32-bit editions)
Microsoft SharePoint Server 2010 Service Pack 1
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Office Web Apps 2010
Microsoft Office Web Apps 2010 Service Pack 1
Microsoft Office Web Apps 2010 Service Pack 2