PT-2013-5356 · Microsoft · Office Web Apps+1

Publicado

2013-12-10

Atualizado

2018-10-12

CVE-2013-5059

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server versions 2010 SP1 through 2010 SP2 Microsoft SharePoint Server version 2013 Office Web Apps version 2013

Description The issue allows remote attackers to execute arbitrary code via crafted page content. Remote code execution vulnerabilities exist, enabling an authenticated attacker to run arbitrary code in the security context of the W3WP service account.

Recommendations For Microsoft SharePoint Server versions 2010 SP1 and 2010 SP2, update to a version that includes the fix for this issue. For Microsoft SharePoint Server version 2013, apply the necessary security patches to resolve the vulnerability. For Office Web Apps version 2013, ensure that all security updates are applied to mitigate the risk of exploitation.

Correção

RCE

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2013-5059

Produtos afetados

Sharepoint Server

Office Web Apps

PT-2013-5356 · Microsoft · Office Web Apps+1

CVE-2013-5059

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5