Microsoft SharePoint Business Productivity Server RCE Vulnerability (2904244) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS13-100.

Impact

Successful exploitation will allow attackers to execute arbitrary code with the privileges of the W3WP service account. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms13-100

Insight

Flaws is due to some input sanitisation errors related to SharePoint content

Affected

Microsoft Business Productivity Servers on, - Microsoft SharePoint Server 2010 Service Pack 1 - Microsoft SharePoint Server 2010 Service Pack 2 - Microsoft SharePoint 2013

Detection

Get the vulnerable file version and check appropriate patch is applied or not.

References

http://secunia.com/advisories/55985
http://technet.microsoft.com/en-us/security/bulletin/MS13-100
http://www.osvdb.com/100767

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-5059

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)
Microsoft Windows IIS FTP Service Information Disclosure Vulnerability (2761226)
Microsoft SQL Server Elevation of Privilege Vulnerability (2984340) - Remote
ASP.NET MVC Security Feature Bypass Vulnerability (2990942)
Microsoft Windows SAMR Protocol Security Bypass Vulnerability (2934418)

Take action and discover your vulnerabilities