The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Office SharePoint Server

computer weakness bulletin CVE-2010-3964

Microsoft SharePoint Server: code execution

Synthesis of the vulnerability

When the Document Conversions Launcher and Load Balancer services are enabled, an attacker can send a malicious SOAP query, in order to execute code in Microsoft Office SharePoint Server.
Severity: 3/4.
Creation date: 15/12/2010.
Identifiers: 2455005, BID-45264, CERTA-2010-AVI-607, CVE-2010-3964, MS10-104, VIGILANCE-VUL-10213, ZDI-10-287.

Description of the vulnerability

The Document Conversions Launcher Service starts document conversions. It runs under the HVU_ComputerName account. It is disabled by default.

The Document Conversions Load Balancer Service balances document conversions. It receives SOAP queries. It is disabled by default.

When these services are enabled, an attacker can send a SOAP query to Load Balancer, which transmits information to Launcher. However, Launcher does not correctly check data, so its memory is corrupted.

When the Document Conversions Launcher and Load Balancer services are enabled, an attacker can therefore send a malicious SOAP query to Load Balancer, in order to execute code in Launcher with HVU_ComputerName privileges.

weakness alert CVE-2010-3243 CVE-2010-3324

SharePoint: Cross Site Scripting

Synthesis of the vulnerability

An attacker can inject script code in a SharePoint site using the SafeHTML method to filter data.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 13/10/2010.
Identifiers: 2412048, CERTA-2010-AVI-482, CVE-2010-3243, CVE-2010-3324, MS10-072, VIGILANCE-VUL-10019.

Description of the vulnerability

The SafeHTML method filters data. It is for example used to suppress JavaScript code contained in data submitted by web clients, before displaying it on the web site. However, two vulnerabilities impact SafeHTML, so this filtering is useless.

The SafeHTML method does not correctly filter HTML pages, so an attacker can generate a Cross Site Scripting. [severity:2/4; CERTA-2010-AVI-482, CVE-2010-3243]

The SafeHTML method does not correctly filter HTML pages, so an attacker can generate a Cross Site Scripting. [severity:2/4; CVE-2010-3324]

An attacker can therefore inject script code in a SharePoint site using the SafeHTML method to filter data.

cybersecurity note CVE-2010-0817 CVE-2010-1257 CVE-2010-1264

Microsoft SharePoint, InfoPath: three vulnerabilities

Synthesis of the vulnerability

Three vulnerabilities of Microsoft SharePoint and InfoPath can be used by an attacker to generate a Cross Site Scripting, to obtain information, or to create a denial of service.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 09/06/2010.
Identifiers: 2028554, BID-39776, BID-40409, BID-40559, CERTA-2010-AVI-251, CVE-2010-0817, CVE-2010-1257, CVE-2010-1264, MS10-039, VIGILANCE-VUL-9695.

Description of the vulnerability

Three vulnerabilities were announced in Microsoft SharePoint and InfoPath.

An attacker can use the help page of Microsoft SharePoint Server, in order to generate a Cross Site Scripting (VIGILANCE-VUL-9620). [severity:2/4; BID-39776, CERTA-2010-AVI-251, CVE-2010-0817]

The toStaticHTML API is used to suppress JavaScript code included in an HTML document, in order to display it securely. However, a malformed HTML page can bypass this protection, and execute malicious JavaScript code in the context of another web site. [severity:3/4; BID-40409, CVE-2010-1257]

An attacker can send a malicious query to the Help.aspx page, in order to generate a denial of service. [severity:3/4; BID-40559, CVE-2010-1264]

computer threat note CVE-2010-0817

Microsoft SharePoint Server: Cross Site Scripting via help.aspx

Synthesis of the vulnerability

An attacker can use the help page of Microsoft SharePoint Server, in order to generate a Cross Site Scripting.
Severity: 2/4.
Creation date: 29/04/2010.
Revision date: 30/04/2010.
Identifiers: 2028554, 983438, BID-39776, CVE-2010-0817, MS10-039, VIGILANCE-VUL-9620.

Description of the vulnerability

The help page of the Microsoft SharePoint Server environment is managed by the script "/_layouts/help.aspx".

The "cid0" parameter of help.aspx indicates the name of the Manifest file. For example:
  help.aspx?cid0=MS.WSS.manifest.xml
However, if this parameter contains a null character, the code located after it is directly displayed in the HTML page.

An attacker can therefore use the help page of Microsoft SharePoint Server, in order to generate a Cross Site Scripting.

computer vulnerability bulletin CVE-2010-0257 CVE-2010-0258 CVE-2010-0260

Excel: several vulnerabilities

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious Excel document, in order to execute code on his computer.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 7.
Creation date: 10/03/2010.
Identifiers: 980150, BID-38547, BID-38550, BID-38551, BID-38552, BID-38553, BID-38554, BID-38555, CERTA-2010-AVI-115, CORE-2009-1103, CVE-2010-0257, CVE-2010-0258, CVE-2010-0260, CVE-2010-0261, CVE-2010-0262, CVE-2010-0263, CVE-2010-0264, MS10-017, VIGILANCE-VUL-9508, ZDI-10-025.

Description of the vulnerability

Several vulnerabilities were announced in Excel.

An Excel document can contain a malformed field, in order to corrupt the memory, and to execute code. [severity:3/4; BID-38547, CERTA-2010-AVI-115, CVE-2010-0257]

An Excel document can force an error in the data type management, in order to corrupt the memory, and to execute code. [severity:3/4; BID-38550, CVE-2010-0258]

An Excel document can contain a malformed MDXTUPLE field, in order to generate a memory overflow, and to execute code. [severity:3/4; BID-38551, CVE-2010-0260]

An Excel document can contain a malformed MDXSET field, in order to generate a memory overflow, and to execute code. [severity:3/4; BID-38552, CVE-2010-0261]

An Excel document can contain a malformed FNGROUPNAME field, in order to force the usage of an unallocated memory area, and to execute code. [severity:3/4; BID-38553, CVE-2010-0262]

An XLSX Excel document (in ZIP format) can contain a malformed header, in order to corrupt the memory, and to execute code. [severity:3/4; BID-38554, CVE-2010-0263, ZDI-10-025]

An Excel document can contain a malformed DbOrParamQry field, in order to corrupt the memory, and to execute code. [severity:3/4; BID-38555, CORE-2009-1103, CVE-2010-0264]

An attacker can therefore invite the victim to open a malicious Excel document, in order to execute code on his computer.

computer weakness CVE-2008-5026

Microsoft SharePoint: Cross Site Scripting

Synthesis of the vulnerability

An attacker allowed to upload malicious content to Microsoft SharePoint can create a Cross Site Scripting.
Severity: 1/4.
Creation date: 13/11/2008.
Revision date: 22/02/2010.
Identifiers: CVE-2008-5026, VIGILANCE-VUL-8245.

Description of the vulnerability

SharePoint users can upload HTML files on the server.

These files are not filtered, and the JavaScript code they contain runs in the same context as documents uploaded by other users.

An attacker without access to some information can therefore invite the victim to read a malicious document, which accesses other documents with the victim's rights.

computer weakness announce CVE-2009-3830

Microsoft SharePoint Server: reading ASPX files

Synthesis of the vulnerability

An attacker can obtain the source code of some pages hosted on Microsoft Office SharePoint Server.
Severity: 2/4.
Creation date: 27/10/2009.
Identifiers: 976829, BID-36817, CVE-2009-3830, VIGILANCE-VUL-9126.

Description of the vulnerability

The Microsoft Office SharePoint Server hosts pages with the ASPX extension.

Some ASPX pages can be located in a Document Library, which can be reached via:
  http://server/DocumentLibrary/page.aspx

The source code of ASPX pages should not be readable. However, an attacker can use the /_layouts/download.aspx URL, in order to access the source code of pages located in a Document Library.

An attacker can therefore obtain the source code of some pages hosted on Microsoft Office SharePoint Server.

security alert CVE-2009-0549 CVE-2009-0557 CVE-2009-0558

Excel: several vulnerabilities

Synthesis of the vulnerability

Several Excel vulnerabilities can be used by an attacker to execute code on the computers of victims who agree to open a malicious file.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 7.
Creation date: 10/06/2009.
Identifiers: 969462, BID-35215, BID-35241, BID-35242, BID-35243, BID-35244, BID-35245, BID-35246, CERTA-2009-AVI-216, CVE-2009-0549, CVE-2009-0557, CVE-2009-0558, CVE-2009-0559, CVE-2009-0560, CVE-2009-0561, CVE-2009-1134, FSC20090609-01, MS09-021, VIGILANCE-VUL-8777, ZDI-09-040.

Description of the vulnerability

Several Excel vulnerabilities can be used by an attacker to execute code on the computers of victims who agree to open a malicious file.

An Excel file can contain an invalid record pointer in order to corrupt the memory, which leads to code execution. [severity:3/4; BID-35215, CERTA-2009-AVI-216, CVE-2009-0549]

An Excel file can contain an invalid record in order to corrupt the memory, which leads to code execution. [severity:3/4; BID-35241, CVE-2009-0557]

An Excel file can contain an invalid array index in order to corrupt the memory, which leads to code execution. [severity:3/4; BID-35242, CVE-2009-0558]

An Excel file can contain a long string, which generates a buffer overflow and leads to code execution. [severity:3/4; BID-35243, CVE-2009-0559, FSC20090609-01]

An Excel file can contain an invalid field in order to corrupt the memory, which leads to code execution. [severity:3/4; BID-35244, CVE-2009-0560]

An Excel file can contain a record with many strings in order to generate an integer overflow, which leads to code execution. [severity:3/4; BID-35245, CVE-2009-0561]

An Excel file can contain an invalid record pointer in order to corrupt the memory, which leads to code execution. [severity:3/4; BID-35246, CVE-2009-1134, ZDI-09-040]

computer vulnerability announce CVE-2008-4032

Microsoft Office SharePoint: access to the administration interface

Synthesis of the vulnerability

An attacker can access a part of the administration interface of Microsoft Office SharePoint.
Severity: 2/4.
Creation date: 10/12/2008.
Identifiers: 957175, BID-32638, CERTA-2008-AVI-591, CVE-2008-4032, MS08-077, VIGILANCE-VUL-8309.

Description of the vulnerability

Access to the administration interface of Microsoft Office SharePoint requires authentication.

However, an area of this interface does not ask for authentication.

An attacker can therefore use a direct URL in order to:
 - overload the server
 - obtain path names
 - obtain email addresses
 - create scripts to be run in the context of the web site

cybersecurity threat CVE-2008-3471 CVE-2008-3477 CVE-2008-4019

Excel: three vulnerabilities

Synthesis of the vulnerability

An attacker can create a malicious Excel file and invite the victim to open it in order to execute code on his computer.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 15/10/2008.
Identifiers: 956416, BID-31702, BID-31705, BID-31706, CERTA-2008-AVI-498, CVE-2008-3471, CVE-2008-3477, CVE-2008-4019, MS08-057, VIGILANCE-VUL-8165, ZDI-08-068.

Description of the vulnerability

Three vulnerabilities leading to code execution were announced in Excel.

A document can contain an object and access it with VBA (Visual Basic for Applications - "VBA Performance Cache"), which exploits several vulnerabilities, and leads to code execution. [severity:3/4; BID-31702, CVE-2008-3477]

Opening an Excel file with malformed BIFF data creates a buffer overflow leading to code execution. [severity:3/4; BID-31705, CERTA-2008-AVI-498, CVE-2008-3471, ZDI-08-068]

Opening an Excel file using a REPT formula creates an integer overflow. [severity:3/4; BID-31706, CVE-2008-4019]