PT-2015-5430 · Microsoft · Sharepoint Foundation 2013+5

Published: 2015-05-12 · Updated: 2018-10-12 · CVE-2015-1700

CVSS v2.0: 6.0 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Microsoft SharePoint Server 2007 SP3
Microsoft SharePoint Foundation 2010 SP2
Microsoft SharePoint Server 2010 SP2
Microsoft SharePoint Foundation 2013 SP1

Description

The issue allows remote authenticated users to execute arbitrary code via crafted page content. This occurs because SharePoint Server improperly sanitizes specially crafted page content, enabling an attacker to run arbitrary code in the security context of the W3WP service account on the target SharePoint site.

Recommendations

For Microsoft SharePoint Server 2007 SP3, update to a newer version to mitigate the risk.
For Microsoft SharePoint Foundation 2010 SP2, update to a newer version to mitigate the risk.
For Microsoft SharePoint Server 2010 SP2, update to a newer version to mitigate the risk.
For Microsoft SharePoint Foundation 2013 SP1, update to a newer version to mitigate the risk.

As a temporary workaround, consider restricting access to crafted page content until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2015-1700

Affected Products

Sharepoint Foundation 2010
Sharepoint Foundation 2013
Sharepoint Server 2007
Sharepoint Server 2010
Sharepoint Foundation
Sharepoint Server