This host is missing an important security update according to Microsoft Bulletin MS13-067.

Successful exploitation will allow attackers to conduct script insertion attacks, cause a DoS (Denial of Service), and compromise a vulnerable system. Impact Level: Application

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms13-067

Multiple Flaws are due to, - An error when handling an unassigned workflow can be exploited to cause the W3WP process to stop responding via a specially crafted URL. - An error related to MAC exists when handling unassigned workflows. - Input passed via the 'ms-descriptionText > ctl00_PlaceHolderDialogBodySection _PlaceHolderDialogBodyMainSection_ValSummary' parameter related to metadata storage assignment of the BDC permission management within the 'Sharepoint Online Cloud 2013 Service' section is not properly sanitised before being used. - Certain unspecified input is not properly sanitised before being returned to the user. - Multiple unspecified errors.

Excel Services on Microsoft SharePoint Server 2007 Excel Services on Microsoft SharePoint Server 2010 Word Automation Services on Microsoft SharePoint Server 2010

Get the vulnerable file version and check appropriate patch is applied or not.

• http://secunia.com/advisories/54741
• http://technet.microsoft.com/en-us/security/bulletin/MS13-067
• http://www.vulnerability-lab.com/get_content.php?id=812

---

Updated on 2015-03-25