CVE-2013-0080

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server 2010 SP1 Microsoft SharePoint Foundation 2010 SP1

Description The issue allows remote attackers to bypass intended read restrictions for content and hijack user accounts via a crafted URL. An elevation of privilege exists, enabling an attacker to elevate their access to the server after obtaining sensitive system data.

Recommendations For Microsoft SharePoint Server 2010 SP1, consider restricting access to sensitive system data until a fix is available. For Microsoft SharePoint Foundation 2010 SP1, avoid using crafted URLs that could lead to user account hijacking until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.