{"id": "SECURITYVULNS:VULN:12950", "bulletinFamily": "software", "title": "Microsoft Sharepoint multiple security vulnerabilities", "description": "Buffer oveflows, directory traversal, crossite scripting, code execution.", "published": "2013-03-13T00:00:00", "modified": "2013-03-13T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12950", "reporter": "MICROSOFT", "references": [], "cvelist": ["CVE-2013-0083", "CVE-2013-0085", "CVE-2013-0084", "CVE-2013-0080"], "type": "securityvulns", "lastseen": "2018-08-31T11:09:50", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "c304346544c371599ef1b10d1b4ae2c7"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "c1767ede645b62d1492b2a24544d5f21"}, {"key": "cvss", "hash": "ed3111898fb94205e2b64cefef5a2081"}, {"key": "description", "hash": "c0a17cb529685c340c3953f5c1affbcc"}, {"key": "href", "hash": "24917f0e6c2c2794e154ae82a8477d33"}, {"key": "modified", "hash": "537232b3efd0a49b5148dd48f47f2abd"}, {"key": "published", "hash": "537232b3efd0a49b5148dd48f47f2abd"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "6ef686b32faf3c870b16770ecf4de086"}, {"key": "title", "hash": "f870414975698055eef6af8c0020f1ab"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "d346aca564d8eba1086f4d90db676f0dd864871c175f66e2b225db8afe410a7e", "viewCount": 3, "enchantments": {"score": {"value": 9.3, "vector": "NONE", "modified": "2018-08-31T11:09:50"}, "vulnersScore": 9.3}, "objectVersion": "1.3", "affectedSoftware": [{"name": "SharePoint Server", "operator": "eq", "version": "2010"}, {"name": "SharePoint Foundation", "operator": "eq", "version": "2010"}]}

{"cve": [{"lastseen": "2018-10-13T11:06:04", "references": ["http://www.us-cert.gov/ncas/alerts/TA13-071A", "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024"], "description": "Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka \"Callback Function Vulnerability.\"", "edition": 3, "reporter": "NVD", "published": "2013-03-12T20:55:01", "title": "CVE-2013-0080", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:16596", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16596"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-0080"], "scanner": [], "modified": "2018-10-12T18:03:42", "cpe": ["cpe:/a:microsoft:sharepoint_foundation:2010:sp1", "cpe:/a:microsoft:sharepoint_server:2010:sp1"], "id": "CVE-2013-0080", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0080", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-13T11:06:04", "references": ["http://www.us-cert.gov/ncas/alerts/TA13-071A", "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024"], "description": "Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka \"SharePoint Directory Traversal Vulnerability.\"", "edition": 3, "reporter": "NVD", "published": "2013-03-12T20:55:01", "title": "CVE-2013-0084", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:16445", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16445"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-0084"], "scanner": [], "modified": "2018-10-12T18:03:43", "cpe": ["cpe:/a:microsoft:sharepoint_foundation:2010:sp1", "cpe:/a:microsoft:sharepoint_server:2010:sp1"], "id": "CVE-2013-0084", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0084", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-13T11:06:04", "references": ["http://www.us-cert.gov/ncas/alerts/TA13-071A", "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024"], "description": "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka \"SharePoint XSS Vulnerability.\"", "edition": 2, "reporter": "NVD", "published": "2013-03-12T20:55:01", "title": "CVE-2013-0083", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-0083"], "scanner": [], "modified": "2018-10-12T18:03:42", "cpe": ["cpe:/a:microsoft:sharepoint_foundation:2010:sp1", "cpe:/a:microsoft:sharepoint_server:2010:sp1"], "id": "CVE-2013-0083", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0083", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-10-13T11:06:04", "references": ["http://www.us-cert.gov/ncas/alerts/TA13-071A", "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024"], "description": "Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka \"Buffer Overflow Vulnerability.\"", "edition": 3, "reporter": "NVD", "published": "2013-03-12T20:55:01", "title": "CVE-2013-0085", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:16414", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16414"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-0085"], "scanner": [], "modified": "2018-10-12T18:03:43", "cpe": ["cpe:/a:microsoft:sharepoint_foundation:2010:sp1", "cpe:/a:microsoft:sharepoint_server:2010:sp1"], "id": "CVE-2013-0085", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0085", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-10-22T16:41:25", "references": ["http://support.microsoft.com/kb/2687418", "http://secunia.com/advisories/52551", "http://www.securitytracker.com/id/1028278", "http://technet.microsoft.com/en-us/security/bulletin/ms13-0-24", "http://technet.microsoft.com/en-us/security/bulletin/ms13-024", "http://support.microsoft.com/kb/2553407"], "pluginID": "1361412562310902953", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS13-024.", "edition": 8, "reporter": "Copyright (C) 2013 SecPod", "published": "2013-03-13T00:00:00", "title": "Microsoft SharePoint Server Privilege Elevation Vulnerabilities (2780176)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0083", "CVE-2013-0085", "CVE-2013-0084", "CVE-2013-0080"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310902953", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902953", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms13-024.nasl 11865 2018-10-12 10:03:43Z cfischer $\n#\n# Microsoft SharePoint Server Privilege Elevation Vulnerabilities (2780176)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902953\");\n script_version(\"$Revision: 11865 $\");\n script_bugtraq_id(58372, 58370, 58367, 58371);\n script_cve_id(\"CVE-2013-0080\", \"CVE-2013-0083\", \"CVE-2013-0084\", \"CVE-2013-0085\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:03:43 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-13 11:50:53 +0530 (Wed, 13 Mar 2013)\");\n script_name(\"Microsoft SharePoint Server Privilege Elevation Vulnerabilities (2780176)\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/52551\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2687418\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2553407\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1028278\");\n script_xref(name:\"URL\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms13-024\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\", \"gb_ms_sharepoint_sever_n_foundation_detect.nasl\");\n script_mandatory_keys(\"MS/SharePoint/Server_or_Foundation_or_Services/Installed\");\n script_require_ports(139, 445);\n script_tag(name:\"impact\", value:\"Successful exploitation could allow an attacker to bypass certain security\n restrictions, disclose certain system data and conduct cross-site scripting\n and spoofing attacks.\");\n script_tag(name:\"affected\", value:\"Microsoft SharePoint Server 2010 Service Pack 1\n Microsoft SharePoint Foundation 2010 Service Pack 1\");\n script_tag(name:\"insight\", value:\"- The application allows users to perform certain actions via HTTP requests\n without performing proper validity checks to verify the requests.\n\n - Certain unspecified input is not properly sanitized before being returned\n to the user.\n\n - An error related to the W3WP process when handling URLs can be exploited\n to cause a buffer overflow and subsequently terminate the W3WP process via\n a specially crafted URL.\");\n script_tag(name:\"solution\", value:\"Run Windows Update and update the listed hotfixes or download and\n install the hotfixes from the referenced advisory.\");\n script_tag(name:\"summary\", value:\"This host is missing a critical security update according to\n Microsoft Bulletin MS13-024.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms13-0-24\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(!get_kb_item(\"SMB/WindowsVersion\")){\n exit(0);\n}\n\n## SharePoint Server 2007 and 2010\nCPE = \"cpe:/a:microsoft:sharepoint_server\";\nif(version = get_app_version(cpe:CPE))\n{\n ## SharePoint Server 2010 (wosrv)\n if(version =~ \"^14\\..*\")\n {\n ## Not getting updated any file\n # # so checking for hotfix\n if(hotfix_missing(name:\"2553407\") == 1)\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n}\n\n## SharePoint Foundation 2010\nCPE = \"cpe:/a:microsoft:sharepoint_foundation\";\nif(version = get_app_version(cpe:CPE))\n{\n key = \"SOFTWARE\\Microsoft\\Shared Tools\\Web Server Extensions\\14.0\";\n if(registry_key_exists(key:key))\n {\n dllPath = registry_get_sz(key:key, item:\"Location\");\n if(dllPath)\n {\n dllVer = fetch_file_version(sysPath:dllPath, file_name:\"BIN\\Onetutil.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"14.0\", test_version2:\"14.0.6134.5000\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:15:51", "references": ["https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-024"], "pluginID": "65213", "description": "The versions of Microsoft SharePoint Server 2010 and SharePoint\nFoundation 2010 have the following vulnerabilities :\n\n - A callback function vulnerability exists that could\n allow an attacker to read data or perform other\n unauthorized actions. (CVE-2013-0080)\n\n - A cross-site scripting vulnerability exists.\n (CVE-2013-0083)\n\n - A directory traversal vulnerability exists that could\n allow an attacker to read arbitrary files.\n (CVE-2013-0084)\n\n - A buffer overflow exists that could result in a denial\n of service. Code execution is reportedly not possible.\n (CVE-2013-0085)", "edition": 8, "reporter": "Tenable", "published": "2013-03-12T00:00:00", "title": "MS13-024: Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0083", "CVE-2013-0085", "CVE-2013-0084", "CVE-2013-0080"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:microsoft:sharepoint_server", "cpe:/o:microsoft:windows", "cpe:/a:microsoft:sharepoint", "cpe:/a:microsoft:sharepoint_foundation"], "id": "SMB_NT_MS13-024.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65213", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65213);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\n \"CVE-2013-0080\",\n \"CVE-2013-0083\",\n \"CVE-2013-0084\",\n \"CVE-2013-0085\"\n );\n script_bugtraq_id(58367, 58370, 58371, 58372);\n script_xref(name:\"MSFT\", value:\"MS13-024\");\n script_xref(name:\"MSKB\", value:\"2553407\");\n script_xref(name:\"MSKB\", value:\"2687418\");\n\n script_name(english:\"MS13-024: Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176)\");\n script_summary(english:\"Checks file versions\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of SharePoint running on the remote host has multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The versions of Microsoft SharePoint Server 2010 and SharePoint\nFoundation 2010 have the following vulnerabilities :\n\n - A callback function vulnerability exists that could\n allow an attacker to read data or perform other\n unauthorized actions. (CVE-2013-0080)\n\n - A cross-site scripting vulnerability exists.\n (CVE-2013-0083)\n\n - A directory traversal vulnerability exists that could\n allow an attacker to read arbitrary files.\n (CVE-2013-0084)\n\n - A buffer overflow exists that could result in a denial\n of service. Code execution is reportedly not possible.\n (CVE-2013-0085)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-024\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for SharePoint Server 2010 and\nSharePoint Foundations 2010.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:sharepoint\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:sharepoint_foundation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:sharepoint_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nglobal_var bulletin, vuln;\n\nfunction get_ver()\n{\n local_var fh, path, rc, share, ver;\n\n path = _FCT_ANON_ARGS[0];\n\n share = hotfix_path2share(path:path);\n\n rc = NetUseAdd(share:share);\n if (rc != 1)\n {\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, share);\n }\n\n ver = NULL;\n path = ereg_replace(string:path, pattern:\"^[A-Za-z]:(.*)\", replace:'\\\\1\\\\');\n\n fh = CreateFile(\n file : path,\n desired_access : GENERIC_READ,\n file_attributes : FILE_ATTRIBUTE_NORMAL,\n share_mode : FILE_SHARE_READ,\n create_disposition : OPEN_EXISTING\n );\n if (!isnull(fh))\n {\n ver = GetFileVersion(handle:fh);\n ver = join(ver, sep:\".\");\n CloseFile(handle:fh);\n }\n\n NetUseDel(close:FALSE);\n\n return ver;\n}\n\nfunction check_vuln(fix, kb, name, path, ver, min_ver)\n{\n local_var info;\n\n if (isnull(ver))\n ver = get_ver(path);\n\n if (isnull(ver) || ver_compare(ver:ver, fix:fix, strict:FALSE) >= 0)\n return 0;\n\n # If min_ver is supplied, make sure the version is higher than the min_ver\n if (min_ver && ver_compare(ver:ver, fix:min_ver, strict:FALSE) == -1)\n return 0;\n\n info =\n '\\n Product : ' + name +\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix + '\\n';\n hotfix_add_report(info, bulletin:bulletin, kb:kb);\n\n vuln = TRUE;\n}\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\nbulletin = 'MS13-024';\nkbs = make_list('2553407', '2687418');\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\n# needed for SharePoint Server 2010 check\nroot = hotfix_get_systemroot();\nif (isnull(root)) audit(AUDIT_FN_FAIL, 'hotfix_get_systemroot');\n\nregistry_init();\nhklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n\n# Get the path information for SharePoint Server 2010\nsps_2010_path = get_registry_value(\n handle : hklm,\n item : \"SOFTWARE\\Microsoft\\Office Server\\14.0\\InstallPath\"\n);\n\n# Get the path information for SharePoint Foundation 2010\nspf_2010_path = get_registry_value(\n handle : hklm,\n item : \"SOFTWARE\\Microsoft\\Shared Tools\\Web Server Extensions\\14.0\\Location\"\n);\n\nRegCloseKey(handle:hklm);\n\nif (isnull(sps_2010_path) && isnull(spf_2010_path))\n{\n close_registry();\n audit(AUDIT_NOT_INST, 'SharePoint Server/Foundation 2010');\n}\nelse\n{\n close_registry(close:FALSE);\n}\n\n# SharePoint Server 2010 SP1\nif (sps_2010_path)\n{\n check_vuln(\n name : \"SharePoint Server 2010\",\n kb : \"2589280\",\n path : root + \"\\assembly\\GAC_MSIL\\Microsoft.Office.Server.WebAnalytics.UI\\14.0.0.0__71e9bce111e9429c\\Microsoft.office.server.webanalytics.ui.dll\",\n fix : \"14.0.6129.5000\"\n );\n}\n\n# SharePoint Foundation 2010 SP1\n#\n# this check will also (correctly) identify vulnerable SharePoint Server 2010 systems.\n# footnote 1 in the bulletin says:\n# For supported editions of Microsoft SharePoint Server 2010, in\n# addition to the security update package for Microsoft SharePoint 2010\n# (2553407), customers also need to install the security update for\n# Microsoft SharePoint Foundation 2010 (2687418) to be protected from\n# the vulnerabilities described in this bulletin.\nif (spf_2010_path)\n{\n check_vuln(\n name : \"SharePoint Foundation 2010\",\n kb : \"2687418\",\n path : spf_2010_path + \"Bin\\Onetutil.dll\",\n min_ver: \"14.0.6029.1000\", # SP 1\n fix : \"14.0.6134.5001\"\n );\n}\n\nhotfix_check_fversion_end();\n\nif (!vuln) audit(AUDIT_HOST_NOT, 'affected');\n\n# Flag the system as vulnerable\nset_kb_item(name:\"SMB/Missing/\" + bulletin, value:TRUE);\nset_kb_item(name:\"www/0/XSS\", value:TRUE);\nhotfix_security_warning();\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "symantec": [{"lastseen": "2018-03-12T04:24:50", "references": ["http://office.microsoft.com/en-us/sharepointserver/FX100492001033.aspx"], "edition": 2, "description": "### Description\n\nMicrosoft SharePoint is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to escalate privileges and perform unauthorized actions.\n\n### Technologies Affected\n\n * Microsoft SharePoint Foundation 2010 SP1 \n * Microsoft SharePoint Server 2010 SP1 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy a NIDS between the computer that is hosting the vulnerable service and the network perimeter. Flag on all anomalous communications that are destined for the vulnerable service. Audit logs regularly for evidence of potential attacks.\n\n**Permit privileged access for trusted individuals only.** \nPermit privileged access to known and trusted individuals only. This may prove to limit exposure to this and other latent vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "reporter": "Symantec Security Response", "published": "2013-03-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "symantec", "title": "Microsoft SharePoint CVE-2013-0080 Privilege Escalation Vulnerability", "bulletinFamily": "software", "affectedSoftware": [{"name": "Microsoft SharePoint Server", "version": "2010 SP1 ", "operator": "eq"}, {"name": "Microsoft SharePoint Foundation", "version": "2010 SP1 ", "operator": "eq"}], "cvelist": ["CVE-2013-0080"], "modified": "2013-03-12T00:00:00", "id": "SMNTC-58371", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/58371", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-03-14T22:41:10", "references": ["http://office.microsoft.com/en-us/sharepointserver/FX100492001033.aspx"], "description": "### Description\n\nMicrosoft SharePoint is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied data. A remote attacker could exploit this vulnerability using directory-traversal strings (such as '../') to obtain sensitive information or elevate their privileges. This could help the attacker launch further attacks.\n\n### Technologies Affected\n\n * Microsoft SharePoint Foundation 2010 SP1 \n * Microsoft SharePoint Server 2010 SP1 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits.\n\n**Disallow anonymous access to services. Permit access for trusted individuals only.** \nAllow access to services to trusted and accountable individuals only. \n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to detect and block attacks and anomalous activity such as requests containing suspicious URI sequences. Since the webserver may log such requests, review its logs regularly.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nRunning server processes within a restricted environment using facilities such as chroot or jail may limit the consequences of successful exploits.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "reporter": "Symantec Security Response", "published": "2013-03-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "symantec", "title": "Microsoft SharePoint CVE-2013-0084 Directory Traversal Vulnerability", "bulletinFamily": "software", "affectedSoftware": [{"name": "Microsoft SharePoint Server", "version": "2010 SP1 ", "operator": "eq"}, {"name": "Microsoft SharePoint Foundation", "version": "2010 SP1 ", "operator": "eq"}], "cvelist": ["CVE-2013-0084"], "modified": "2013-03-12T00:00:00", "id": "SMNTC-58370", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/58370", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-03-12T02:29:21", "references": ["http://office.microsoft.com/en-us/sharepointserver/FX100492001033.aspx"], "edition": 2, "description": "### Description\n\nMicrosoft SharePoint is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the application to become unresponsive, denying service to legitimate users.\n\n### Technologies Affected\n\n * Microsoft SharePoint Foundation 2010 SP1 \n * Microsoft SharePoint Server 2010 SP1 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This may indicate exploit attempts or activity that results from successful exploits.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "reporter": "Symantec Security Response", "published": "2013-03-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "symantec", "title": "Microsoft SharePoint CVE-2013-0085 Denial of Service Vulnerability", "bulletinFamily": "software", "affectedSoftware": [{"name": "Microsoft SharePoint Server", "version": "2010 SP1 ", "operator": "eq"}, {"name": "Microsoft SharePoint Foundation", "version": "2010 SP1 ", "operator": "eq"}], "cvelist": ["CVE-2013-0085"], "modified": "2013-03-12T00:00:00", "id": "SMNTC-58372", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/58372", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-03-12T04:24:41", "references": ["http://office.microsoft.com/en-us/sharepointserver/FX100492001033.aspx"], "description": "### Description\n\nMicrosoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to perform unauthorized actions such as reading, modifying, or deleting content on behalf of the victim on the SharePoint site.\n\n### Technologies Affected\n\n * Microsoft SharePoint Foundation 2010 SP1 \n * Microsoft SharePoint Server 2010 SP1 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nAttackers may successfully exploit client flaws in the browser through cross-site scripting vulnerabilities. When possible, run client software as regular user accounts with limited access to system resources. This may limit the immediate consequences of client-side vulnerabilities. \n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to detect and block attacks and anomalous activity such as requests containing suspicious URI sequences. Since the webserver may log such requests, review its logs regularly.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to websites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users. \n\n**Set web browser security to disable the execution of script code or active content.** \nSince exploiting cross-site scripting issues often requires malicious script code to run in browsers, consider disabling script code and active content support within a client browser as a way to prevent a successful exploit. Note that this mitigation tactic might adversely affect legitimate sites that rely on the execution of browser-based script code. \n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "reporter": "Symantec Security Response", "published": "2013-03-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "symantec", "title": "Microsoft SharePoint CVE-2013-0083 Cross Site Scripting Vulnerability", "bulletinFamily": "software", "affectedSoftware": [{"name": "Microsoft SharePoint Server", "version": "2010 SP1 ", "operator": "eq"}, {"name": "Microsoft SharePoint Foundation", "version": "2010 SP1 ", "operator": "eq"}], "cvelist": ["CVE-2013-0083"], "modified": "2013-03-12T00:00:00", "id": "SMNTC-58367", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/58367", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}