Microsoft SharePoint Foundation Privilege Elevation Vulnerability (3000431) Network Vulnerability

Summary

This host is missing a important security update according to Microsoft Bulletin MS14-073.

Impact

Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/library/security/MS14-073

Insight

Certain input related to page content in SharePoint lists is not properly sanitised before being used.

Affected

Microsoft SharePoint Foundation 2010 Service Pack 2 and prior.

Detection

Get the vulnerable file version and check appropriate patch is applied or not.

References

http://secunia.com/advisories/60009
https://support.microsoft.com/kb/3000431
https://technet.microsoft.com/library/security/MS14-073

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-4116
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Microsoft Windows Defender Privilege Elevation Vulnerability (2847927)
Microsoft Window XML Core Services Information Disclosure Vulnerability (2966061)
Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2813170)
Active Directory Certificate Services Web Enrollment Elevation of Privilege Vulnerability (2518295)
Microsoft Lync Server Information Disclosure Vulnerability (2969258)

Take action and discover your vulnerabilities