The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of MOSS

vulnerability note CVE-2014-1761

Word: memory corruption via RTF

Synthesis of the vulnerability

An attacker can create a malicious RTF file, to generate a memory corruption in Word, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Office, Excel, Outlook, PowerPoint, MOSS, Word.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, denial of service on client.
Provenance: document.
Creation date: 25/03/2014.
Identifiers: 2949660, 2953095, CERTFR-2014-ALE-002, CVE-2014-1761, MS14-017, VIGILANCE-VUL-14464.

Description of the vulnerability

The Word product is configured to open RTF (Rich Text Format) documents. Microsoft Outlook calls by default Word to open RTF emails.

However, a malformed RTF file corrupts the Word memory.

An attacker can therefore create a malicious RTF file, to generate a memory corruption in Word, in order to trigger a denial of service, and possibly to execute code.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2014-0258 CVE-2014-0259 CVE-2014-0260

Word, SharePoint: three vulnerabilities

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious file with Word, or use it with SharePoint, in order to execute code on his computer.
Impacted products: Office, MOSS, Word.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 14/01/2014.
Identifiers: 2916605, BID-64726, BID-64727, BID-64728, CERTA-2014-AVI-014, CVE-2014-0258, CVE-2014-0259, CVE-2014-0260, MS14-001, VIGILANCE-VUL-14084.

Description of the vulnerability

Several vulnerabilities were announced in Word and SharePoint.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-64726, CVE-2014-0258]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-64727, CVE-2014-0259]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-64728, CVE-2014-0260]

An attacker can therefore invite the victim to open a malicious file with Word, or use it with SharePoint, in order to execute code on his computer.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2013-5059

Microsoft SharePoint: code execution

Synthesis of the vulnerability

An authenticated attacker can upload a malicious document on Microsoft SharePoint, in order to execute code.
Impacted products: MOSS.
Severity: 3/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 10/12/2013.
Identifiers: 2904244, BID-64081, CERTA-2013-AVI-666, CVE-2013-5059, MS13-100, VIGILANCE-VUL-13930.

Description of the vulnerability

The Microsoft SharePoint service hosts users' documents.

However, the content of documents can be directly run with privileges of the W3WP service.

An authenticated attacker can therefore upload a malicious document on Microsoft SharePoint, in order to execute code.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2013-3889 CVE-2013-3895

Microsoft SharePoint: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft SharePoint.
Impacted products: MOSS.
Severity: 3/4.
Consequences: administrator access/rights, user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 08/10/2013.
Identifiers: 2885089, BID-62800, BID-62829, CERTA-2013-AVI-563, CVE-2013-3889, CVE-2013-3895, MS13-084, VIGILANCE-VUL-13563.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft SharePoint.

An attacker can generate a memory corruption via an Excel document, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-62829, CVE-2013-3889]

An attacker can use a ClickJacking, in order to escalate his privileges. [severity:2/4; BID-62800, CVE-2013-3895]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2013-0081 CVE-2013-1315 CVE-2013-1330

Microsoft SharePoint Server: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft SharePoint Server.
Impacted products: Office, Excel, MOSS, Word.
Severity: 4/4.
Consequences: administrator access/rights, user access/rights, client access/rights, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 10.
Creation date: 10/09/2013.
Identifiers: 2834052, BID-62165, BID-62168, BID-62169, BID-62205, BID-62221, BID-62224, BID-62226, BID-62227, BID-62254, CERTA-2013-AVI-512, CVE-2013-0081, CVE-2013-1315, CVE-2013-1330, CVE-2013-3179, CVE-2013-3180, CVE-2013-3847, CVE-2013-3848, CVE-2013-3849, CVE-2013-3857, CVE-2013-3858, MS13-067, VIGILANCE-VUL-13397.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft SharePoint Server.

An attacker can use a malicious url, in order to trigger a denial of service. [severity:2/4; BID-62205, CVE-2013-0081]

An attacker can generate a memory corruption with an Excel file, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2013-1315]

When Viewstate MAC is disabled, an attacker can use an unassigned workflow, in order to execute code. [severity:4/4; BID-62221, CVE-2013-1330]

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-62227, CVE-2013-3179]

An attacker can trigger a Cross Site Scripting via a POST query, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-62254, CVE-2013-3180]

An attacker can generate a memory corruption via a Word file, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-62165, CVE-2013-3847]

An attacker can generate a memory corruption via a Word file, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-62168, CVE-2013-3848]

An attacker can generate a memory corruption via a Word file, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-62169, CVE-2013-3849]

An attacker can generate a memory corruption via a Word file, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-62224, CVE-2013-3857]

An attacker can generate a memory corruption via a Word file, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-62226, CVE-2013-3858]
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2013-1289

Microsoft SharePoint Server, InfoPath: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Microsoft SharePoint Server 2010, in order to execute JavaScript code in the context of the web site.
Impacted products: Office, InfoPath, MOSS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 09/04/2013.
Identifiers: 2821818, BID-58883, CERTA-2013-AVI-232, CVE-2013-1289, MS13-035, VIGILANCE-VUL-12640.

Description of the vulnerability

The web service of Microsoft SharePoint Server hosts users' data.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Microsoft SharePoint Server 2010, in order to execute JavaScript code in the context of the web site.

Note: Microsoft InfoPath 2010 contains the vulnerable component, but it cannot be used as an attack vector.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2013-1290

Microsoft SharePoint Server: information disclosure

Synthesis of the vulnerability

An authenticated attacker can access to some documents of Microsoft SharePoint Server, which should be protected by an access control.
Impacted products: MOSS.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 09/04/2013.
Identifiers: 2827663, BID-58844, CERTA-2013-AVI-227, CVE-2013-1290, MS13-030, VIGILANCE-VUL-12635.

Description of the vulnerability

The Microsoft SharePoint Server 2013 service can be installed as a migration from version 2010.

However, in this case, access controls are not applied on some lists.

An authenticated attacker can therefore access to some documents of Microsoft SharePoint Server, which should be protected by an access control.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2013-0080 CVE-2013-0083 CVE-2013-0084

Microsoft SharePoint Server 2010: four vulnerabilities

Synthesis of the vulnerability

A remote attacker can use four vulnerabilities of Microsoft SharePoint Server 2010, in order to elevate his privileges.
Impacted products: MOSS.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 12/03/2013.
Identifiers: 2780176, BID-58367, BID-58370, BID-58371, BID-58372, CERTA-2013-AVI-180, CVE-2013-0080, CVE-2013-0083, CVE-2013-0084, CVE-2013-0085, MS13-024, VIGILANCE-VUL-12513.

Description of the vulnerability

Four vulnerabilities were announced in Microsoft SharePoint Server 2010.

An attacker can read or delete data. [severity:3/4; BID-58371, CVE-2013-0080]

An attacker can trigger a Cross Site Scripting, in order to perform operations on the server, with victim's privileges. [severity:3/4; BID-58367, CVE-2013-0083]

An attacker can use a special url, in order to access to the content of other directories. [severity:3/4; BID-58370, CVE-2013-0084]

An attacker can use a special url, to trigger a buffer overflow, in order to stop the W3WP process. [severity:2/4; BID-58372, CVE-2013-0085]
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2013-0393 CVE-2013-0418

Oracle Outside In Technology: several vulnerabilities of January 2013

Synthesis of the vulnerability

Several vulnerabilities of Oracle Outside In Technology are fixed by the CPU of January 2013.
Impacted products: McAfee Email and Web Security, GroupShield, McAfee Security for Email Servers, Exchange, MOSS, Oracle OIT, Symantec Enterprise Vault.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 16/01/2013.
Revision date: 18/01/2013.
Identifiers: 2809279, BID-57357, BID-57364, CERTA-2013-AVI-041, CERTA-2013-AVI-116, cpujan2013, CVE-2013-0393, CVE-2013-0418, MS13-012, VIGILANCE-VUL-12333, ZDI-13-001.

Description of the vulnerability

A Critical Patch Update fixes several vulnerabilities of Oracle Outside In Technology. These libraries are used by several products, which are thus also impacted by these vulnerabilities.

An attacker can create malicious Paradox data, in order to force the vspdx.dll library to read at an invalid memory address, which leads to a denial of service. [severity:2/4; BID-57357, CVE-2013-0393]

An attacker can create malicious Paradox data, in order to trigger a buffer overflow in the vspdx.dll library, which can lead to code execution. [severity:3/4; BID-57364, CVE-2013-0418]
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2013-0006 CVE-2013-0007

Windows, IE, Office, SharePoint: code execution via Microsoft XML Core Services

Synthesis of the vulnerability

An attacker can invite the victim to open a malformed XML document, with an application using Microsoft XML Core Services, in order to corrupt the memory, and to execute code.
Impacted products: Office, Access, Excel, Microsoft FrontPage, InfoPath, OneNote, Outlook, PowerPoint, Project, Publisher, MOSS, Visio, Word, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 08/01/2013.
Identifiers: 2756145, BID-57116, BID-57122, CERTA-2013-AVI-011, CVE-2013-0006, CVE-2013-0007, MS13-002, VIGILANCE-VUL-12310.

Description of the vulnerability

The Microsoft XML Core Services (MSXML) library is used by Microsoft applications which process XML data. It is impacted by two vulnerabilities.

An attacker can use XML data which truncates an integer, and corrupts the memory. [severity:4/4; BID-57116, CVE-2013-0006]

An attacker can use XSLT (Extensible Stylesheet Language Transformations) data which corrupt the memory. [severity:4/4; BID-57122, CVE-2013-0007]

An attacker can therefore invite the victim to open a malformed XML document, with an application using Microsoft XML Core Services (such as Internet Explorer), in order to corrupt the memory, and to execute code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about MOSS: