<< Back
CVE Number Vulnerability Product Severity Date
MS13-084 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089) Microsoft Windows Important 09-10-2013

Technical Information

Brief overview of the risk:
This security update resolves two privately reported vulnerabilities in Microsoft Office server software. The most severe vulnerability could allow remote code execution if a user opens a specially crafted Office file in an affected version of Microsoft SharePoint Server, Microsoft Office Services, or Web Apps.
Detailed Information on the risk:

A remote code execution vulnerability exists in the way that affected Microsoft Office Services and Web Apps parse content in specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.


Further information on this exploit is available at : MS13-084

Affected Software

Microsoft Windows SharePoint Services 3.0 Service Pack 3 (wssloc) (32-bit versions)
Microsoft Windows SharePoint Services 3.0 Service Pack 3 (wssloc) (64-bit versions)
Microsoft SharePoint Foundation 2010 Service Pack 1 (wssloc)
Microsoft SharePoint Foundation 2010 Service Pack 2 (wssloc)
Microsoft SharePoint Server 2013 (wacserver)
Microsoft SharePoint Server 2013 (pptserver)