Microsoft SharePoint Could Allow Remote Code Execution Vulnerability (2455005) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS10-104

Impact

Successful exploitation could allow attackers to execute arbitrary code in the security context of a guest account. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/Bulletin/MS10-104.mspx

Insight

The flaws are due an error in the 'Document Conversions Launcher Service' when handling specially crafted 'Simple Object Access Protocol (SOAP)' requests in a SharePoint server environment that is using the Document Conversions Load Balancer Service.

Affected

Microsoft Office SharePoint Server 2007 Service Pack 2

References

http://secunia.com/advisories/42631
http://www.microsoft.com/technet/security/Bulletin/MS10-104.mspx
http://www.vupen.com/english/advisories/2010/3226

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3964

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Bluetooth Stack Could Allow Remote Code Execution Vulnerability (951376)
Microsoft Distributed File System Remote Code Execution Vulnerabilities (2535512)
Microsoft .NET Common Language Runtime Code Execution Vulnerability (974378)
Buffer Overrun In HTML Converter Could Allow Code Execution (823559)
Cumulative Security Update for Internet Explorer (928090)

Take action and discover your vulnerabilities