PT-2013-3086 · Microsoft · Sharepoint Server+4

Published 2013-09-11 · Updated 2018-10-12 · CVE-2013-1330

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft SharePoint Portal Server versions 2003 SP3 through 2010 SP2
SharePoint Server versions 2007 SP3 through 2010 SP2
Office Web Apps version 2010

Description

A remote code execution issue exists due to the improper setting of the EnableViewStateMac attribute, allowing attackers to execute arbitrary code by leveraging an unassigned workflow. This issue can be exploited by remote attackers, potentially leading to the execution of arbitrary code in the context of the W3WP service account.

Recommendations

For Microsoft SharePoint Portal Server 2003 SP3, consider setting the EnableViewStateMac attribute to prevent exploitation. For SharePoint Server 2007 SP3 and 2010 SP1 and SP2, set the EnableViewStateMac attribute to mitigate the risk. For Office Web Apps 2010, set the EnableViewStateMac attribute to prevent arbitrary code execution. As a temporary workaround, consider restricting access to unassigned workflows until a patch is available.
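
One way to check the setting named in the recommendations, as an added example that is not part of the original advisory or any Microsoft tooling: a Python audit that flags where EnableViewStateMac is set to false, both in `web.config` `<pages>` elements (including `<location>` overrides) and in `@ Page` directives. The sample config, the `_layouts/custom` path and the sample page are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from any real SharePoint farm).
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <pages enableViewStateMac="true" />
  </system.web>
  <location path="_layouts/custom">
    <system.web>
      <pages enableViewStateMac="False" />
    </system.web>
  </location>
</configuration>"""
SAMPLE_ASPX = '<%@ Page Language="C#" EnableViewStateMac="false" %>\n<html></html>'

# An @ Page directive, and the attribute explicitly set to false inside it.
PAGE_DIRECTIVE = re.compile(r"<%@\s*Page\b(.*?)%>", re.I | re.S)
MAC_OFF = re.compile(r"\bEnableViewStateMac\s*=\s*[\"']\s*false\s*[\"']", re.I)

def audit_web_config(xml_text):
    """Return scopes ('<root>' or a <location> path) whose <pages> disables the MAC."""
    root = ET.fromstring(xml_text)
    scopes = [("<root>", root)]
    scopes += [(loc.get("path", ""), loc) for loc in root.iter("location")]
    findings = []
    for scope, node in scopes:
        for system_web in node.findall("system.web"):
            for pages in system_web.findall("pages"):
                value = pages.get("enableViewStateMac")
                # A missing attribute means the default (enabled), so only
                # an explicit "false" is reported.
                if value is not None and value.strip().lower() == "false":
                    findings.append(scope)
    return findings

def audit_page(aspx_text):
    """True if any @ Page directive in the file sets EnableViewStateMac to false."""
    return any(MAC_OFF.search(m.group(1)) for m in PAGE_DIRECTIVE.finditer(aspx_text))

if __name__ == "__main__":
    print("web.config scopes with MAC disabled:", audit_web_config(SAMPLE_WEB_CONFIG))
    print("page directive disables MAC:", audit_page(SAMPLE_ASPX))
```

A `<location>` override can disable the MAC for one path even when the root `<pages>` element enables it, which is why each scope is reported separately.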

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2013-1330

Affected Products

Exchange Server
Sharepoint Portal Server
Office Web Apps
Sharepoint Server
Sharepoint Foundation