Summary
This host is missing an important security update according to Microsoft Bulletin MS14-050.
Impact
Successful exploitation could allow an attacker to gain elevated privileges.
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/en-us/security/bulletin/ms14-050
Insight
Flaw is triggered when handling custom actions in a specially crafted application.
Affected
Microsoft SharePoint Server 2013,
Microsoft SharePoint Foundation 2013.
Detection
Get the vulnerable file version and check appropriate patch is applied or not.
References
Severity
Classification
-
CVE CVE-2014-2816 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881)
- Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)
- Microsoft .NET Framework Authentication Bypass and Spoofing Vulnerabilities (2836440)
- Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (961371))
- Microsoft DirectShow Remote Code Execution Vulnerability (2929961)