CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS13-024 | Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176) | Microsoft SharePoint | Critical | 13-03-2013 |
Technical Information
Brief overview of the risk:
This security update resolves four privately reported vulnerabilities in Microsoft SharePoint and Microsoft SharePoint Foundation. The most severe vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes the user to a targeted SharePoint site.
Detailed Information on the risk:
A denial of service vulnerability exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could cause the W3WP process on an affected version of SharePoint Server to terminate, causing the SharePoint site, and any other sites running under that process, to become unavailable until the process is restarted.
Further information on this exploit is available at : MS13-024
Affected Software
Microsoft SharePoint Server 2010 Service Pack 1Microsoft SharePoint Foundation 2010 Service Pack 1