Lucene search
HistorySep 11, 2013 - 2:03 p.m.
CVE-2013-1330
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.4
Confidence
High
EPSS
0.919
Percentile
99.0%
The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka βMAC Disabled Vulnerability.β
Affected configurations
Node
microsoftsharepoint_foundationMatch2010sp1
ORmicrosoftsharepoint_foundationMatch2010sp2
ORmicrosoftsharepoint_portal_serverMatch2003sp3
ORmicrosoftsharepoint_serverMatch2007sp3
ORmicrosoftsharepoint_serverMatch2010sp1
ORmicrosoftsharepoint_serverMatch2010sp2
ORmicrosoftsharepoint_servicesMatch2.0
ORmicrosoftsharepoint_servicesMatch3.0
Node
microsoftoffice_web_appsMatch2010sp1
ORmicrosoftoffice_web_appsMatch2010sp2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:* |
| microsoft | sharepoint_foundation | 2010 | cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:* |
| microsoft | sharepoint_portal_server | 2003 | cpe:2.3:a:microsoft:sharepoint_portal_server:2003:sp3:*:*:*:*:*:* |
| microsoft | sharepoint_server | 2007 | cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:* |
| microsoft | sharepoint_server | 2010 | cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:* |
| microsoft | sharepoint_server | 2010 | cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:* |
| microsoft | sharepoint_services | 2.0 | cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:* |
| microsoft | sharepoint_services | 3.0 | cpe:2.3:a:microsoft:sharepoint_services:3.0:*:*:*:*:*:*:* |
| microsoft | office_web_apps | 2010 | cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:* |
| microsoft | office_web_apps | 2010 | cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:* |
Related
prion
prion
Default configuration
2013-09-11 14:03:00
symantec
symantec
Microsoft SharePoint CVE-2013-1330 Remote Code Execution Vulnerability
2013-09-10 00:00:00
cve
cve
CVE-2013-1330
2013-09-11 14:03:48
checkpoint_advisories
checkpoint_advisories
cvelist
cvelist
CVE-2013-1330
2013-09-11 10:00:00
seebug
seebug
Microsoft SharePointθΏη¨δ»£η ζ§θ‘ζΌζ΄(CVE-2013-1330)(MS13-067)
2013-09-13 00:00:00
threatpost
threatpost
SharePoint Fixes Priority for September 2013 Patch Tuesday
2013-09-10 14:51:14
mskb
mskb
nessus
nessus
securityvulns
securityvulns
Microsoft Exchange Server multiple security vulnerabilities
2013-12-16 00:00:00
Microsoft Sharepoint Server multiple security vulnerabilities
2013-10-03 00:00:00
openvas
openvas
MS Exchange Server Remote Code Execution Vulnerabilities (2915705)
2013-12-11 00:00:00
Microsoft Exchange Server Remote Code Execution Vulnerabilities (2915705)
2013-12-11 00:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.4
Confidence
High
EPSS
0.919
Percentile
99.0%
Related for NVD:CVE-2013-1330