PT-2013-5356 · Microsoft · Office Web Apps+1

Published

2013-12-10

Updated

2018-10-12

CVE-2013-5059

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server versions 2010 SP1 through 2010 SP2 Microsoft SharePoint Server version 2013 Office Web Apps version 2013

Description The issue allows remote attackers to execute arbitrary code via crafted page content. Remote code execution vulnerabilities exist, enabling an authenticated attacker to run arbitrary code in the security context of the W3WP service account.

Recommendations For Microsoft SharePoint Server versions 2010 SP1 and 2010 SP2, update to a version that includes the fix for this issue. For Microsoft SharePoint Server version 2013, apply the necessary security patches to resolve the vulnerability. For Office Web Apps version 2013, ensure that all security updates are applied to mitigate the risk of exploitation.

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2013-5059

Affected Products

Sharepoint Server

Office Web Apps

PT-2013-5356 · Microsoft · Office Web Apps+1

CVE-2013-5059

Weakness Enumeration

Related Identifiers

Affected Products

References · 5