Microsoft SharePoint Could Allow Remote Code Execution Vulnerability (2455005) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS10-104

Impact

Successful exploitation could allow attackers to execute arbitrary code in the security context of a guest account. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/Bulletin/MS10-104.mspx

Insight

The flaws are due an error in the 'Document Conversions Launcher Service' when handling specially crafted 'Simple Object Access Protocol (SOAP)' requests in a SharePoint server environment that is using the Document Conversions Load Balancer Service.

Affected

Microsoft Office SharePoint Server 2007 Service Pack 2

References

http://secunia.com/advisories/42631
http://www.microsoft.com/technet/security/Bulletin/MS10-104.mspx
http://www.vupen.com/english/advisories/2010/3226

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3964

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2870699)
Microsoft Active Directory Denial of Service Vulnerability (953235)
Microsoft Comctl32 Integer Overflow Vulnerability (2864058)
Microsoft Expression Design Remote Code Execution Vulnerability (2651018)
Cumulative Patch for Internet Information Services (Q327696)

Take action and discover your vulnerabilities