Description
Multiple serious vulnerabilities have been found in Microsoft SharePoint. Malicious users can exploit these vulnerabilities to obtain sensitive information and gain privileges.
Below is a complete list of vulnerabilities:
- Improper sanitization of user web requests can be exploited remotely via a specially crafted web request to obtain sensitive information;
- Incorrect sanitization of web requests can be exploited remotely via a specially crafted web request to gain privileges.
Technical details
Vulnerability (1) can only be exploited if a user clicks a specially crafted URL that takes the user to a targeted SharePoint Web App site. The malicious URL can be sent via email or placed on a website hosted by a malicious user. In both cases the attacker must convince the user to click the malicious URL.
Exploitation
Malware exists for this vulnerability. Such malware is usually classified as Exploit.
CVE list
- CVE-2017-8551 warning
- CVE-2017-8514 warning