| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS10-104 | Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution (2455005) | Microsoft Office | Critical | 15-12-2010 |
Technical Information
Brief overview of the risk:
The vulnerability could allow remote code execution in the security context of a guest user if an attacker sent a specially crafted SOAP request to the Document Conversions Launcher Service in a SharePoint server environment that is using the Document Conversions Load Balancer Service. By default, the Document Conversions Load Balancer Service and Document Conversions Launcher Service are not enabled in Microsoft Office SharePoint Server 2007.
Detailed Information on the risk:
A remote code execution vulnerability exists in the way that the Document Conversions Launcher Service validates SOAP requests before processing on a SharePoint server. An attacker who successfully exploited this vulnerability could run arbitrary code on an affected SharePoint server under the security context of a guest account.
Further information on this exploit is available at : MS10-104
Affected Software
Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit editions) (KB2433089)Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit editions) (KB2433089)