Elevation of privilege vulnerability in Microsoft SharePoint Server - MS14-050ID: oval:org.secpod.oval:def:20803 | Date: (C)2014-08-14 (M)2021-09-11 |
Class: PATCH | Family: windows |
The host is missing a critical security update according to Microsoft bulletin, MS14-050. The update is required to fix elevation of privilege vulnerability. The flaw is present in the application, which fails to handle a specially crafted app that uses the SharePoint extensibility model to execute arbitrary JavaScript on behalf of the user. Successful exploitation allows attackers to execute arbitrary script in the security context of the logged-on user. The script could then, for example, take actions on the affected SharePoint site on behalf of the logged-on user with the same permissions as the logged-on user.
Platform: |
Microsoft Windows 7 |
Microsoft Windows 8 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Product: |
Microsoft SharePoint Foundation 2013 |
Microsoft SharePoint Server 2013 |