Summary
This host is missing an important security update according to Microsoft Bulletin MS13-067.
Impact
Successful exploitation will allow attackers to conduct script insertion attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.
Impact Level: Application
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory at the link below: http://technet.microsoft.com/en-us/security/bulletin/ms13-067
Insight
Multiple flaws are due to:
- An error when handling an unassigned workflow can be exploited to cause the W3WP process to stop responding via a specially crafted URL.
- An error related to MAC exists when handling unassigned workflows.
- Input passed via the 'ms-descriptionText > ctl00_PlaceHolderDialogBodySection _PlaceHolderDialogBodyMainSection_ValSummary' parameter related to metadata storage assignment of the BDC permission management within the 'Sharepoint Online Cloud 2013 Service' section is not properly sanitised before being used.
- Certain unspecified input is not properly sanitised before being returned to the user.
- Multiple unspecified errors.
Affected
- Excel Services on Microsoft SharePoint Server 2007
- Excel Services on Microsoft SharePoint Server 2010
- Word Automation Services on Microsoft SharePoint Server 2010
Detection
Get the vulnerable file version and check whether the appropriate patch has been applied.
References
Severity
Classification
- CVE: CVE-2013-0081, CVE-2013-1315, CVE-2013-1330, CVE-2013-3179, CVE-2013-3180
- CVSS Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Related Vulnerabilities
- Message Queuing Remote Code Execution Vulnerability (951071)
- Microsoft Internet Explorer Multiple Code Execution Vulnerabilities (974455)
- Microsoft Excel Could Allow Remote Code Execution Vulnerabilities (954066)
- Microsoft .NET Framework Multiple Vulnerabilities (2916607)
- Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)