Описание
Multiple serious vulnerabilities have been found in Microsoft Sharepoint. Malicious users can exploit these vulnerabilities to obtain sensitive information and gain privileges.
Below is a complete list of vulnerabilities:
- An improper sanitizing of user web requests can be exploited remotely via a specially designed web request to obtain sensitive information;
- An incorrect sanitizing of web requests can be exploited remotely via a specially designed web request to gain privileges.
Technical details
Vulnerability (1) can only be exploited if user clicks a specially designed URL which takes the user to a targeted Sharepoint Web App site. A malicious URL can be sent via email or it can be on a website hosted by a malicious user. In both cases the attacker should convince a user to click malicious URL.
Первичный источник обнаружения
Эксплуатация
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
Список CVE
- CVE-2017-8551 warning
- CVE-2017-8514 warning
Список KB
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com