KLA10604
Multiple vulnerabilities in Microsoft SharePoint

Обновлено: 03/06/2020
Дата обнаружения
11/11/2014
Уровень угрозы
High
Описание

Multiple serious vulnerabilities have been found in Microsoft SharePoint. Malicious users can exploit these vulnerabilities to gain privileges or execute arbitrary code.

Below is a complete list of vulnerabilities

  1. XSS vulnerability can be exploited remotely via a specially designed requests;
  2. An unknown vulnerabilities can be exploited remotely via a specially designed page content or app.
Пораженные продукты

Microsoft Windows SharePoint Services x86, x64 3.0 Service Pack 3
Microsoft SharePoint Foundation 2010 Service Pack 1, 2
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2013 Service Pack 1 
Microsoft Project Server 2010 Service Pack 1, 2
Microsoft Project Server 2013 
Microsoft Project Server 2013 Service Pack 1
Microsoft Web Applications 2010 Service Pack 1, 2
Microsoft Office Web Apps Server 2013 
Microsoft Office Web Apps Server 2013 Service Pack 1 

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2014-2816
CVE-2014-0251
CVE-2014-1754
CVE-2014-1813
CVE-2014-4116
Оказываемое влияние
?
ACE 
[?]

PE 
[?]
Связанные продукты
Microsoft Sharepoint Server
CVE-IDS
CVE-2014-28169.3Critical
CVE-2014-02519.0Critical
CVE-2014-17544.3Warning
CVE-2014-18138.5Critical
CVE-2014-41164.3Warning