Default configuration

2013-09-1114:03:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.909 High

EPSS

Percentile

98.8%

JSON

The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka “MAC Disabled Vulnerability.”

CPENameOperatorVersion
office_web_appseq2010 sp1
sharepoint_foundationeq2010 sp2
sharepoint_foundationeq2010 sp1
sharepoint_portal_servereq2003 sp3
sharepoint_servereq2007 sp3
sharepoint_servereq2010 sp2
sharepoint_servereq2010 sp1
sharepoint_serviceseq3.0
sharepoint_serviceseq2.0

Name	Operator	Version
office_web_apps	eq	2010 sp1
sharepoint_foundation	eq	2010 sp2
sharepoint_foundation	eq	2010 sp1
sharepoint_portal_server	eq	2003 sp3
sharepoint_server	eq	2007 sp3
sharepoint_server	eq	2010 sp2
sharepoint_server	eq	2010 sp1
sharepoint_services	eq	3.0
sharepoint_services	eq	2.0