| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS13-100 | Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2904244) | Microsoft SharePoint | Important | 11-12-2013 |
Technical Information
Brief overview of the risk:
This security update resolves multiple privately reported vulnerabilities in Microsoft Office server software. These vulnerabilities could allow remote code execution if an authenticated attacker sends specially crafted page content to a SharePoint server. An attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account on the target SharePoint site.
Detailed Information on the risk:
Remote code execution vulnerabilities exist in Microsoft SharePoint Server. An authenticated attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account.
Further information on this exploit is available at : MS13-100
Affected Software
Microsoft SharePoint Server 2013Microsoft SharePoint Server 2010 Service Pack 1
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoint Server 2013
Microsoft Office Web Apps 2013