[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Elevation of privilege vulnerability in Microsoft SharePoint Server - MS14-050

ID: oval:org.secpod.oval:def:20803Date: (C)2014-08-14   (M)2021-09-11
Class: PATCHFamily: windows




The host is missing a critical security update according to Microsoft bulletin, MS14-050. The update is required to fix elevation of privilege vulnerability. The flaw is present in the application, which fails to handle a specially crafted app that uses the SharePoint extensibility model to execute arbitrary JavaScript on behalf of the user. Successful exploitation allows attackers to execute arbitrary script in the security context of the logged-on user. The script could then, for example, take actions on the affected SharePoint site on behalf of the logged-on user with the same permissions as the logged-on user.

Platform:
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product:
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Reference:
MS14-050
CVE-2014-2816
CVE    1
CVE-2014-2816
CPE    4
cpe:/a:microsoft:sharepoint_foundation:2013
cpe:/a:microsoft:sharepoint_foundation:2013:sp1
cpe:/a:microsoft:sharepoint_server:2013:sp1
cpe:/a:microsoft:sharepoint_server:2013
...

© SecPod Technologies