Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089) |
Informations | |||
---|---|---|---|
Name | MS13-084 | First vendor Publication | 2013-10-08 |
Vendor | Microsoft | Last vendor Modification | 2013-11-06 |
Severity (Vendor) | Important | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.1 (November 6, 2013): Corrected the product name for the Microsoft Office Web Apps Server 2013 (2827222) update. This is an informational change only. There were no changes to the update files or detection logic. Customers who have not applied the 2827222 update should reevaluate the applicability of the update for their environments based on the corrected information. |
Original Source
Url : http://technet.microsoft.com/en-us/security/bulletin/ms13-084 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:18901 | |||
Oval ID: | oval:org.mitre.oval:def:18901 | ||
Title: | Remote code execution vulnerability in Microsoft Office for Mac 2011 (CVE-2013-3889) - MS13-085 | ||
Description: | Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability." | ||
Family: | macos | Class: | vulnerability |
Reference(s): | CVE-2013-3889 | Version: | 3 |
Platform(s): | Apple Mac OS X Apple Mac OS X Server | Product(s): | Microsoft Office 2011 for Mac |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18991 | |||
Oval ID: | oval:org.mitre.oval:def:18991 | ||
Title: | Parameter injection vulnerability in Microsoft SharePoint (CVE-2013-3895) - MS13-084 | ||
Description: | Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3895 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft SharePoint Server 2007 Microsoft SharePoint Services 3.0 Microsoft SharePoint Foundation 2010 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19132 | |||
Oval ID: | oval:org.mitre.oval:def:19132 | ||
Title: | Microsoft Excel Memory Corruption Vulnerability (CVE-2013-3889) - MS13-084, MS13-085 | ||
Description: | Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3889 | Version: | 11 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Excel Viewer 2007 Microsoft Office Web Apps 2010 Microsoft SharePoint Server 2007 Microsoft SharePoint Server 2010 Microsoft SharePoint Server 2013 Microsoft Office Compatibility Pack |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 | |
Application | 1 | |
Application | 5 | |
Application | 1 | |
Application | 1 | |
Application | 3 | |
Application | 4 |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-10-10 | IAVM : 2013-B-0114 - Multiple Vulnerabilities in Microsoft Office Excel Severity : Category II - VMSKEY : V0040757 |
2013-10-10 | IAVM : 2013-B-0116 - Microsoft SharePoint Remote Code Execution Vulnerabilities Severity : Category II - VMSKEY : V0040765 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft SharePoint XSS attempt RuleID : 28201 - Revision : 3 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-10-09 | Name : An application installed on the remote Mac OS X host is affected by a remote ... File : macosx_ms13-085.nasl - Type : ACT_GATHER_INFO |
2013-10-09 | Name : The remote host is affected by multiple vulnerabilities. File : smb_nt_ms13-084.nasl - Type : ACT_GATHER_INFO |
2013-10-09 | Name : The Microsoft Office component installed on the remote host is affected by mu... File : smb_nt_ms13-085.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-04-27 02:03:11 |
|
2014-12-08 21:31:30 |
|
2014-02-17 11:47:49 |
|
2014-01-19 21:30:59 |
|
2013-12-20 13:23:37 |
|
2013-11-11 12:41:37 |
|
2013-11-07 00:17:25 |
|
2013-10-09 21:24:24 |
|
2013-10-08 21:16:41 |
|