Microsoft SharePoint Server WAS Remote Code Execution Vulnerability (3017301) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS14-081.

Impact

Successful exploitation will allow remote attackers to execute the arbitrary code and compromise the system. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the given link, https://technet.microsoft.com/library/security/MS14-081

Insight

Flaws are due to an invalid indexing error and a use-after-free error when parsing Office files.

Affected

Microsoft SharePoint Server 2010 Word Automation Services Service Pack 2 and prior, Microsoft SharePoint Server 2013 Word Automation Services Service Pack 1 and prior

Detection

Get the vulnerable file version and check appropriate patch is applied or not.

References

http://secunia.com/advisories/61149
http://www.osvdb.org/115581
https://support.microsoft.com/kb/2883050
https://support.microsoft.com/kb/2899581
https://technet.microsoft.com/library/security/ms14-081

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-6356, CVE-2014-6357

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)
Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
Microsoft Groove Remote Code Execution Vulnerability (2494047)
ADODB.Stream object from Internet Explorer (KB870669)
Microsoft .NET Framework Remote Code Execution Vulnerability (2484015)

Take action and discover your vulnerabilities