<< Back
CVE Number Vulnerability Product Severity Date
MS14-073 Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege (3000431) Microsoft SharePoint Important 12-11-2014

Technical Information

Brief overview of the risk:
This security update resolves a privately reported vulnerability in Microsoft SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could run arbitrary script in the context of the user on the current SharePoint site. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit these vulnerabilities and then convince a user to view the website.
Detailed Information on the risk:
An elevation of privilege vulnerability exists when SharePoint Server does not properly sanitize page content in SharePoint lists. An authenticated attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user.Further information on this exploit is available at : MS14-073

Affected Software

Microsoft SharePoint Server 2010 Service Pack 2