Lucene search

K
saintSAINT CorporationSAINT:1AF7483E5B4DB373D9449DD910472EA5
HistoryMar 03, 2020 - 12:00 a.m.

Microsoft SharePoint Picker.aspx deserialization vulnerability

2020-03-0300:00:00
SAINT Corporation
download.saintcorporation.com
1426

EPSS

0.974

Percentile

100.0%

Added: 03/03/2020
CVE: CVE-2019-0604
BID: 106914

Background

Microsoft SharePoint is a tool for management and automation of business processes, as well as a platform for social networking.

Problem

A deserialization vulnerability in Microsoft SharePoint allows remote attackers to execute arbitrary commands by sending a specially crafted request to the **Picker.aspx** resource.

Resolution

Apply the appropriate update referenced in Microsoft advisory CVE-2019-0604.

References

<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604&gt;

Platforms

Windows