Oleksandr Mirosh

Nome do Software Vulnerável e Versões Afetadas Microsoft Office SharePoint (versões afetadas não especificadas) Descrição A validação inadequada de entrada no Microsoft Office SharePoint permite que um atacante autorizado execute código por meio de uma rede. Recomendações No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Microsoft Exchange Server 2007 SP2 on the x64 platform Microsoft Exchange 2007 **Description** A denial of service issue exists due to the way the Microsoft Exchange store processes specially crafted RPC calls. The vulnerable code path is only accessible to authenticated users. An authenticated attacker could exploit this by sending a specially crafted network message to a computer running the Exchange service, causing the Exchange service to stop responding until manually restarted. **Recommendations** For Microsoft Exchange Server 2007 SP2 on the x64 platform, consider restricting access to the RPC endpoint to minimize the risk of exploitation. For Microsoft Exchange 2007, restrict access to the vulnerable code path to prevent authenticated attackers from sending specially crafted network messages. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office SharePoint Server 2007 SP2 **Description** The issue is related to an unrestricted file upload vulnerability in the Document Conversions Launcher Service. This allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082. A remote code execution vulnerability exists in the way the Document Conversions Launcher Service validates SOAP requests before processing on a SharePoint server. An attacker who successfully exploited this vulnerability could run arbitrary code on an affected SharePoint server under the security context of a guest account. **Recommendations** For Microsoft Office SharePoint Server 2007 SP2, consider disabling the Document Conversions Load Balancer Service as a temporary workaround until a patch is available. Restrict access to the Document Conversions Launcher Service to minimize the risk of exploitation. Avoid using the service for file uploads until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Media Player Network Sharing Service versions prior to the fixed version **Description** A use-after-free issue in the Media Player Network Sharing Service allows remote attackers to execute arbitrary code via a crafted Real Time Streaming Protocol (RTSP) packet. This could enable a remote user to send a specially crafted network packet to an instance of the application's network streaming service, causing remote code execution in the context of the current application. **Recommendations** For Microsoft Windows Vista SP1 and SP2 and Windows 7, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.