ID CVE-2014-2816 Type cve Reporter NVD Modified 2018-10-12T18:06:43
Description
Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain privileges via a Trojan horse app that executes a custom action in the context of the SharePoint extensibility model, aka "SharePoint Page Content Vulnerability."
{"symantec": [{"lastseen": "2018-03-12T02:29:27", "references": [], "edition": 2, "description": "### Description\n\nMicrosoft SharePoint Server is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges in the context of the currently logged-in user. Successful exploits may aid in further attacks.\n\n### Technologies Affected\n\n * Microsoft SharePoint Foundation 2013 \n * Microsoft SharePoint Foundation 2013 SP1 \n * Microsoft SharePoint Server 2013 \n * Microsoft SharePoint Server 2013 SP1 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "reporter": "Symantec Security Response", "published": "2014-08-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "symantec", "title": "Microsoft SharePoint Server CVE-2014-2816 Remote Privilege Escalation Vulnerability", "bulletinFamily": "software", "affectedSoftware": [{"name": "Microsoft SharePoint Foundation", "version": "2013 ", "operator": "eq"}, {"name": "Microsoft SharePoint Foundation", "version": "2013 SP1 ", "operator": "eq"}, {"name": "Microsoft SharePoint Server", "version": "2013 ", "operator": "eq"}, {"name": "Microsoft SharePoint Server", "version": "2013 SP1 ", "operator": "eq"}], "cvelist": ["CVE-2014-2816"], "modified": "2014-08-12T00:00:00", "id": "SMNTC-69099", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/69099", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:56", "references": [], "description": "Code execution in another user's context.", "edition": 1, "reporter": "MICROSOFT", "published": "2014-09-15T00:00:00", "title": "Microsoft SharePoint Server privilege escalation", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:56", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "SharePoint Server", "version": "2013", "operator": "eq"}], "cvelist": ["CVE-2014-2816"], "modified": "2014-09-15T00:00:00", "id": "SECURITYVULNS:VULN:13959", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13959", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-10-22T16:40:48", "references": ["https://technet.microsoft.com/library/security/MS14-050", "https://support.microsoft.com/kb/2880994", "https://technet.microsoft.com/en-us/security/bulletin/ms14-050"], "pluginID": "1361412562310804741", "description": "This host is missing an important security update according to\nMicrosoft Bulletin MS14-050.", "edition": 7, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-08-13T00:00:00", "title": "Microsoft SharePoint Server and Foundation Privilege Escalation Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2816"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310804741", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804741", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ms14-050.nasl 11878 2018-10-12 12:40:08Z cfischer $\n#\n# Microsoft SharePoint Server and Foundation Privilege Escalation Vulnerability\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:microsoft:sharepoint_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804741\");\n script_version(\"$Revision: 11878 $\");\n script_cve_id(\"CVE-2014-2816\");\n script_bugtraq_id(69099);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 14:40:08 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-13 17:07:01 +0530 (Wed, 13 Aug 2014)\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_name(\"Microsoft SharePoint Server and Foundation Privilege Escalation Vulnerability\");\n\n\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\nMicrosoft Bulletin MS14-050.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Flaw is triggered when handling custom actions in a specially crafted\napplication.\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow an attacker to gain elevated privileges.\");\n script_tag(name:\"affected\", value:\"Microsoft SharePoint Server 2013,\nMicrosoft SharePoint Foundation 2013.\");\n script_tag(name:\"solution\", value:\"Run Windows Update and update the listed hotfixes or download and\ninstall the hotfixes from the referenced advisory.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/kb/2880994\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS14-050\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Windows : Microsoft Bulletins\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_ms_sharepoint_sever_n_foundation_detect.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/SharePoint/Server_or_Foundation_or_Services/Installed\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/security/bulletin/ms14-050\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nshareVer = get_app_version(cpe:CPE);\nif(!shareVer)\n{\n CPE = \"cpe:/a:microsoft:sharepoint_foundation\";\n shareVer = get_app_version(cpe:CPE);\n if(!shareVer){\n exit(0);\n }\n}\n\n## SharePoint Server and Foundation 2013\nif(shareVer =~ \"^15\\..*\")\n{\n path = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"CommonFilesDir\");\n if(path)\n {\n path = path + \"\\microsoft shared\\SERVER15\\Server Setup Controller\";\n\n dllVer = fetch_file_version(sysPath:path, file_name:\"Wsssetup.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"15.0\", test_version2:\"15.0.4641.999\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-11-17T03:07:09", "references": ["https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-050"], "pluginID": "77168", "description": "The version of Microsoft SharePoint Server installed on the remote host is affected by an elevation of privilege vulnerability that allows cross-site scripting. An authenticated attacker could exploit this vulnerability to execute arbitrary JavaScript in the context of the user's browser.", "edition": 7, "reporter": "Tenable", "published": "2014-08-12T00:00:00", "title": "MS14-050: Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2816"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:microsoft:sharepoint_server", "cpe:/a:microsoft:sharepoint", "cpe:/a:microsoft:sharepoint_foundation"], "id": "SMB_NT_MS14-050.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77168", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77168);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\"CVE-2014-2816\");\n script_bugtraq_id(69099);\n script_xref(name:\"MSFT\", value:\"MS14-050\");\n script_xref(name:\"MSKB\", value:\"2880994\");\n script_xref(name:\"IAVA\", value:\"2014-A-0125\");\n\n script_name(english:\"MS14-050: Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202)\");\n script_summary(english:\"Checks the SharePoint version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by an elevation of privilege\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft SharePoint Server installed on the remote\nhost is affected by an elevation of privilege vulnerability that\nallows cross-site scripting. An authenticated attacker could exploit\nthis vulnerability to execute arbitrary JavaScript in the context of\nthe user's browser.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-050\");\n script_set_attribute(attribute:\"solution\", value:\"Microsoft has released a set of patches for SharePoint Server 2013.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:sharepoint\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:sharepoint_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:sharepoint_foundation\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"microsoft_sharepoint_installed.nbin\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS14-050\";\nkbs = make_list(\n 2880994\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\n# Get installs of SharePoint.\napp_name = 'Microsoft SharePoint Server';\nget_install_count(app_name:app_name, exit_if_zero:TRUE);\ninstall = get_single_install(app_name:app_name);\n\npath = install['path'];\nproduct = install['Product'];\nsp = install['SP'];\nversion = install['version'];\nvuln = FALSE;\n\n# Only 2013 & 2013 SP1 are affected.\nif (product != \"2013\" || !(sp == '0' || sp == '1'))\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n\n# Get path information for Common Files.\ncommon_files = hotfix_get_commonfilesdir();\nif (isnull(common_files))\n exit(1, \"Failed to determine the location of %commonprogramfiles%.\");\n\nif (\n hotfix_check_fversion(\n file:\"CsiSrv.dll\",\n version:\"15.0.4641.1000\",\n path:hotfix_append_path(path:common_files, value:\"Microsoft Shared\\Web Server Extensions\\15\\BIN\\\"),\n bulletin:bulletin,\n kb:\"2880994\",\n product:app_name) == HCF_OLDER\n )\n vuln = TRUE;\n\nif (vuln)\n{\n set_kb_item(name:\"www/0/XSS\", value:TRUE);\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, \"affected\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2018-12-06T13:23:24", "references": [], "description": "### *CVSS*:\n9.3\n\n### *Detect date*:\n11/11/2014\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft SharePoint. Malicious users can exploit these vulnerabilities to gain privileges or execute arbitrary code.\n\n### *Affected products*:\nMicrosoft Windows SharePoint Services x86, x64 3.0 Service Pack 3 \nMicrosoft SharePoint Foundation 2010 Service Pack 1, 2 \nMicrosoft SharePoint Foundation 2013 \nMicrosoft SharePoint Foundation 2013 Service Pack 1 \nMicrosoft SharePoint Server 2013 \nMicrosoft SharePoint Server 2013 Service Pack 1 \nMicrosoft Project Server 2010 Service Pack 1, 2 \nMicrosoft Project Server 2013 \nMicrosoft Project Server 2013 Service Pack 1 \nMicrosoft Web Applications 2010 Service Pack 1, 2 \nMicrosoft Office Web Apps Server 2013 \nMicrosoft Office Web Apps Server 2013 Service Pack 1 \n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2014-2816](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-2816>) \n[CVE-2014-0251](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-0251>) \n[CVE-2014-1754](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-1754>) \n[CVE-2014-1813](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-1813>) \n[CVE-2014-4116](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-4116>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Sharepoint Server](<https://threats.kaspersky.com/en/product/Microsoft-Sharepoint-Server/>)\n\n### *CVE-IDS*:\n[CVE-2014-2816](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2816>) \n[CVE-2014-0251](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0251>) \n[CVE-2014-1754](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1754>) \n[CVE-2014-1813](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1813>) \n[CVE-2014-4116](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4116>) \n\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[2837588](<http://support.microsoft.com/kb/2837588>) \n[2880453](<http://support.microsoft.com/kb/2880453>) \n[2880536](<http://support.microsoft.com/kb/2880536>) \n[2863829](<http://support.microsoft.com/kb/2863829>) \n[2863922](<http://support.microsoft.com/kb/2863922>) \n[2837598](<http://support.microsoft.com/kb/2837598>) \n[2880994](<http://support.microsoft.com/kb/2880994>) \n[2863863](<http://support.microsoft.com/kb/2863863>) \n[2760236](<http://support.microsoft.com/kb/2760236>) \n[2752096](<http://support.microsoft.com/kb/2752096>) \n[2596861](<http://support.microsoft.com/kb/2596861>) \n[2596763](<http://support.microsoft.com/kb/2596763>) \n[2977202](<http://support.microsoft.com/kb/2977202>) \n[2810069](<http://support.microsoft.com/kb/2810069>) \n[2596902](<http://support.microsoft.com/kb/2596902>) \n[2863836](<http://support.microsoft.com/kb/2863836>) \n[2863856](<http://support.microsoft.com/kb/2863856>) \n[2863854](<http://support.microsoft.com/kb/2863854>) \n[3000431](<http://support.microsoft.com/kb/3000431>) \n[2952166](<http://support.microsoft.com/kb/2952166>) \n[2596810](<http://support.microsoft.com/kb/2596810>) \n[2837616](<http://support.microsoft.com/kb/2837616>)", "edition": 27, "reporter": "Kaspersky Lab", "published": "2014-11-11T00:00:00", "title": "\r KLA10604Multiple vulnerabilities in Microsoft SharePoint ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "info", "cvelist": ["CVE-2014-4116", "CVE-2014-2816", "CVE-2014-1813", "CVE-2014-0251", "CVE-2014-1754"], "modified": "2018-12-04T00:00:00", "id": "KLA10604", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10604", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
