<< Back
CVE Number Vulnerability Product Severity Date
MS13-024 Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176) Microsoft SharePoint Critical 13-03-2013

Technical Information

Brief overview of the risk:
This security update resolves four privately reported vulnerabilities in Microsoft SharePoint and Microsoft SharePoint Foundation. The most severe vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes the user to a targeted SharePoint site.
Detailed Information on the risk:

A denial of service vulnerability exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could cause the W3WP process on an affected version of SharePoint Server to terminate, causing the SharePoint site, and any other sites running under that process, to become unavailable until the process is restarted.

Further information on this exploit is available at : MS13-024

Affected Software

Microsoft SharePoint Server 2010 Service Pack 1
Microsoft SharePoint Foundation 2010 Service Pack 1