Executive Summary

Summary
TitleVulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (3058083)
Informations
NameMS15-047First vendor Publication2015-05-12
VendorMicrosoftLast vendor Modification2015-05-12
Severity (Vendor) ImportantRevision1.0

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Cvss Base Score6Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score6.8AuthenticationRequires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Important
Revision Note: V1.0 (May 12, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Office server and productivity software. The vulnerabilities could allow remote code execution if an authenticated attacker sends specially crafted page content to a SharePoint server. An attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account on the target SharePoint site.

Original Source

Url : https://technet.microsoft.com/en-us/library/security/MS15-047

CWE : Common Weakness Enumeration

%idName
100 %CWE-20Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:28924
 
Oval ID: oval:org.mitre.oval:def:28924
Title: Microsoft SharePoint page content vulnerabilities – CVE-2015-1700 (MS15-047)
Description: Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "Microsoft SharePoint Page Content Vulnerabilities."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1700
Version: 4
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Product(s): Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Foundation 2013
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Application3

Information Assurance Vulnerability Management (IAVM)

DateDescription
2015-05-14IAVM : 2015-A-0104 - Microsoft SharePoint Remote Code Execution Vulnerability (MS15-047)
Severity : Category II - VMSKEY : V0060645

Nessus® Vulnerability Scanner

DateDescription
2015-05-12Name : The remote host is affected by a remote code execution vulnerability.
File : smb_nt_ms15-047.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
DateInformations
2015-10-18 17:26:33
  • Multiple Updates
2015-05-14 21:35:31
  • Multiple Updates
2015-05-13 17:29:40
  • Multiple Updates
2015-05-13 13:28:07
  • Multiple Updates
2015-05-12 21:30:29
  • Multiple Updates
2015-05-12 21:17:10
  • First insertion