Remote Code Execution Vulnerability in Microsoft SharePoint Products
CVE-2013-1330

Currently unrated

Key Information:

Vendor
Microsoft
Status
Sharepoint Services
Sharepoint Foundation
Sharepoint Server
Sharepoint Portal Server
Vendor
CVE Published:
11 September 2013

Summary

A security vulnerability exists in Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3, and SharePoint Server 2010, as well as Office Web Apps 2010, due to a misconfiguration that fails to set the EnableViewStateMac attribute. This oversight can be exploited by remote attackers through unassigned workflows, enabling them to execute arbitrary code. Proper configuration and updates are essential to mitigate this risk.

References

https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS

EPSS Score

59% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.