Arbitrary Code Execution Vulnerability in Microsoft Web Applications 2010
CVE-2014-1813

Currently unrated

Key Information:

Vendor: Microsoft
Status: Web Applications
Vendor: CVE Published:; 14 May 2014

Summary

Microsoft Web Applications 2010 versions SP1 and SP2 contain a flaw that allows remote authenticated users to execute arbitrary code through specially crafted page content. This vulnerability highlights a critical security gap that could be exploited in environments where authenticated users are able to upload or manipulate content, ultimately risking detrimental effects on system integrity and data confidentiality.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securitytracker.com/id/1030227

vdb-entryx_refsource_SECTRACK

EPSS Score

20% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 14, 2014
Vulnerability Reserved
Jan 29, 2014