MS14-073: Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege (3000431)

medium Nessus Plugin ID 79133

Synopsis

The remote host is affected by a privilege escalation vulnerability.

Description

The version of SharePoint Foundation installed on the remote Windows host is affected by a privilege escalation vulnerability due to the improper validation of page content in SharePoint lists. By exploiting this flaw, a remote authenticated attacker can run arbitrary code in the security context of the logged-on user.

Solution

Microsoft has released patches for SharePoint Foundation 2010 SP2.

See Also

http://www.nessus.org/u?aa023802

Plugin Details

Severity: Medium

ID: 79133

File Name: smb_nt_ms14-073.nasl

Version: 1.8

Type: local

Agent: windows

Published: 11/12/2014

Updated: 1/28/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2014-4116

CVSS v3

Risk Factor: Medium

Base Score: 5.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:sharepoint_server, cpe:/a:microsoft:sharepoint_foundation

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 11/11/2014

Vulnerability Publication Date: 11/11/2014

Reference Information

CVE: CVE-2014-4116

BID: 70980

IAVA: 2014-A-0175

MSFT: MS14-073

MSKB: 2889838