Microsoft SharePoint Could Allow Remote Code Execution Vulnerability (2455005) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS10-104

Impact

Successful exploitation could allow attackers to execute arbitrary code in the security context of a guest account. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/Bulletin/MS10-104.mspx

Insight

The flaws are due an error in the 'Document Conversions Launcher Service' when handling specially crafted 'Simple Object Access Protocol (SOAP)' requests in a SharePoint server environment that is using the Document Conversions Load Balancer Service.

Affected

Microsoft Office SharePoint Server 2007 Service Pack 2

References

http://secunia.com/advisories/42631
http://www.microsoft.com/technet/security/Bulletin/MS10-104.mspx
http://www.vupen.com/english/advisories/2010/3226

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3964
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Checks for MS HOTFIX for snmp buffer overruns
Microsoft .NET Common Language Runtime Code Execution Vulnerability (974378)
Cumulative Security Update for Internet Explorer (928090)
Buffer Overrun in Messenger Service (828035)
Microsoft Distributed File System Remote Code Execution Vulnerabilities (2535512)

Take action and discover your vulnerabilities