Beschreibung
Multiple serious vulnerabilities have been found in Microsoft Sharepoint. Malicious users can exploit these vulnerabilities to obtain sensitive information and gain privileges.
Below is a complete list of vulnerabilities:
- An improper sanitizing of user web requests can be exploited remotely via a specially designed web request to obtain sensitive information;
- An incorrect sanitizing of web requests can be exploited remotely via a specially designed web request to gain privileges.
Technical details
Vulnerability (1) can only be exploited if user clicks a specially designed URL which takes the user to a targeted Sharepoint Web App site. A malicious URL can be sent via email or it can be on a website hosted by a malicious user. In both cases the attacker should convince a user to click malicious URL.
Ursprüngliche Informationshinweise
CVE Liste
- CVE-2017-8551 warning
- CVE-2017-8514 warning
KB Liste
Mehr erfahren
Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com