This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Microsoft
Product: Sharepoint Server
Version: 2007
Update: sp3
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
First view: 2010-02-26
Last view: 2017-06-14
Type: Application
 
CPE Product cpe:2.3:a:microsoft:sharepoint_server

Related : CVE

  Date Alert Description
7.8 2017-06-14 CVE-2017-8513

A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability".

7.8 2017-03-16 CVE-2017-0052

Microsoft Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0053.

7.8 2017-03-16 CVE-2017-0006

Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.

7.1 2016-12-20 CVE-2016-7265

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."

9.3 2015-11-11 CVE-2015-6038

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

4.3 2015-10-13 CVE-2015-2556

The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "Microsoft SharePoint Information Disclosure Vulnerability."

6 2015-05-13 CVE-2015-1700

Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "Microsoft SharePoint Page Content Vulnerabilities."

9.3 2015-03-11 CVE-2015-0085

Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold and SP1, Word 2013 RT Gold and SP1, Excel Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 Gold and SP1, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, Office Web Apps Server 2010 SP2, Web Apps Server 2013 Gold and SP1, SharePoint Server 2007 SP3, Windows SharePoint Services 3.0 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability."

9 2014-05-14 CVE-2014-0251

Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gold and SP1; SharePoint Server 2013 Client Components SDK; and SharePoint Designer 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerability."

6.8 2013-10-09 CVE-2013-3895

Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability."

9.3 2013-10-09 CVE-2013-3889

Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."

4.3 2013-09-11 CVE-2013-3179

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."

10 2013-09-11 CVE-2013-1330

The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC Disabled Vulnerability."

9.3 2013-09-11 CVE-2013-1315

Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

5 2013-09-11 CVE-2013-0081

Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka "SharePoint Denial of Service Vulnerability."

9.3 2013-01-09 CVE-2013-0007

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."

9.3 2013-01-09 CVE-2013-0006

Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."

4.3 2012-10-09 CVE-2012-2520

Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."

4.3 2012-07-10 CVE-2012-1863

Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."

6.8 2012-07-10 CVE-2012-1862

Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."

5.5 2012-07-10 CVE-2012-1860

Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."

3.5 2010-02-26 CVE-2010-0716

_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.

CWE : Common Weakness Enumeration

% id Name
28% (6) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
19% (4) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
19% (4) CWE-20 Improper Input Validation
9% (2) CWE-264 Permissions, Privileges, and Access Controls
9% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')
4% (1) CWE-200 Information Exposure
4% (1) CWE-189 Numeric Errors
4% (1) CWE-125 Out-of-bounds Read

Open Source Vulnerability Database (OSVDB)

id Description
50138 Microsoft SharePoint Host Name / Port Number Persistence HTML Document Same-o...

OpenVAS Exploits

id Description
2012-10-10 Name : Microsoft Products HTML Sanitisation Component XSS Vulnerability (2741517)
File : nvt/secpod_ms12-066.nasl
2012-07-11 Name : Microsoft SharePoint Multiple Privilege Elevation Vulnerabilities (2695502)
File : nvt/secpod_ms12-050.nasl
2010-03-05 Name : Microsoft SharePoint Cross Site Scripting Vulnerability
File : nvt/gb_ms_sharepoint_xss_vuln.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0104 Microsoft SharePoint Remote Code Execution Vulnerability (MS15-047)
Severity: Category II - VMSKEY: V0060645
2015-A-0052 Multiple Vulnerabilities in Microsoft Office (MS15-022)
Severity: Category II - VMSKEY: V0058999
2014-A-0074 Multiple Vulnerabilities in Microsoft Office SharePoint Server
Severity: Category II - VMSKEY: V0050449
2013-A-0231 Multiple Vulnerabilities in Microsoft Exchange Server
Severity: Category I - VMSKEY: V0042592
2013-B-0114 Multiple Vulnerabilities in Microsoft Office Excel
Severity: Category II - VMSKEY: V0040757
2013-B-0116 Microsoft SharePoint Remote Code Execution Vulnerabilities
Severity: Category II - VMSKEY: V0040765
2013-A-0174 Multiple Remote Code Execution Vulnerabilities in Microsoft SharePoint Server
Severity: Category II - VMSKEY: V0040292
2013-A-0171 Multiple Remote Code Execution Vulnerabilities in Microsoft Excel
Severity: Category I - VMSKEY: V0040295
2013-A-0004 Multiple Vulnerabilities in Microsoft XML Core Services
Severity: Category I - VMSKEY: V0036444

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-07-23 Microsoft Office Excel malicious cce value following a PtgMemFunc token
RuleID : 50462 - Type : FILE-OFFICE - Revision : 1
2019-07-23 Microsoft Office Excel malicious cce value following a PtgMemFunc token
RuleID : 50461 - Type : FILE-OFFICE - Revision : 1
2017-04-12 Microsoft Office Excel shared strings memory corruption attempt
RuleID : 41980 - Type : FILE-OFFICE - Revision : 4
2017-04-12 Microsoft Office Excel shared strings memory corruption attempt
RuleID : 41979 - Type : FILE-OFFICE - Revision : 4
2017-04-12 Microsoft Office Excel shared strings memory corruption attempt
RuleID : 41977 - Type : FILE-OFFICE - Revision : 4
2017-04-12 Microsoft Office Excel shared strings memory corruption attempt
RuleID : 41976 - Type : FILE-OFFICE - Revision : 4
2017-01-10 Microsoft Office Excel security descriptor out of bounds read attempt
RuleID : 40958 - Type : FILE-OFFICE - Revision : 3
2017-01-10 Microsoft Office Excel security descriptor out of bounds read attempt
RuleID : 40957 - Type : FILE-OFFICE - Revision : 3
2016-11-15 Microsoft Office Excel malicious cce value following a PtgMemFunc token
RuleID : 40460 - Type : FILE-OFFICE - Revision : 3
2016-11-15 Microsoft Office Excel malicious cce value following a PtgMemFunc token
RuleID : 40459 - Type : FILE-OFFICE - Revision : 3
2016-07-26 Microsoft Office Excel RealTimeData record exploit attempt
RuleID : 39347 - Type : FILE-OFFICE - Revision : 2
2016-07-26 Microsoft Office Excel RealTimeData record exploit attempt
RuleID : 39346 - Type : FILE-OFFICE - Revision : 2
2016-03-14 Microsoft Office Excel MdCallBack out of bounds read attempt
RuleID : 36752 - Type : FILE-OFFICE - Revision : 6
2016-03-14 Microsoft Office Excel MdCallBack out of bounds read attempt
RuleID : 36751 - Type : FILE-OFFICE - Revision : 6
2015-04-10 Microsoft Office Word incorrect schema property remote code execution attempt
RuleID : 33716 - Type : FILE-OFFICE - Revision : 3
2015-04-10 Microsoft Office Word incorrect schema property remote code execution attempt
RuleID : 33715 - Type : FILE-OFFICE - Revision : 3
2014-04-24 Microsoft Office Excel malicious cce value following a PtgMemFunc token
RuleID : 30243 - Type : FILE-OFFICE - Revision : 5
2014-04-24 Microsoft Office Excel malicious cce value following a PtgMemFunc token
RuleID : 30242 - Type : FILE-OFFICE - Revision : 5
2014-01-10 overly large XML file MSXML heap overflow attempt
RuleID : 28286 - Type : FILE-OTHER - Revision : 3
2014-01-10 Microsoft SharePoint XSS attempt
RuleID : 28201 - Type : SERVER-OTHER - Revision : 3
2014-01-10 Microsoft Office SharePoint malicious serialized viewstate evaluation attempt
RuleID : 27823 - Type : SERVER-WEBAPP - Revision : 3
2014-01-10 Microsoft Office Excel PtgMemFunc zero-value cce-field read access violation ...
RuleID : 27821 - Type : FILE-OFFICE - Revision : 4
2014-01-10 Microsoft Office Excel PtgMemFunc zero-value cce-field read access violation ...
RuleID : 27820 - Type : FILE-OFFICE - Revision : 4
2014-01-10 Microsoft SharePoint denial of service attempt
RuleID : 27819 - Type : SERVER-OTHER - Revision : 3
2014-01-10 Microsoft SharePoint denial of service attempt
RuleID : 27818 - Type : SERVER-OTHER - Revision : 3

Nessus® Vulnerability Scanner

id Description
2017-06-14 Name: An application installed on the remote Windows host is affected by multiple v...
File: smb_nt_ms17_jun_office_sharepoint.nasl - Type: ACT_GATHER_INFO
2017-06-14 Name: An application installed on the remote Windows host is affected by multiple v...
File: smb_nt_ms17_jun_office.nasl - Type: ACT_GATHER_INFO
2017-03-15 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: smb_nt_ms17-014.nasl - Type: ACT_GATHER_INFO
2016-12-14 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: smb_nt_ms16-148.nasl - Type: ACT_GATHER_INFO
2015-11-10 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-116.nasl - Type: ACT_GATHER_INFO
2015-11-10 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms15-116_office.nasl - Type: ACT_GATHER_INFO
2015-10-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-110.nasl - Type: ACT_GATHER_INFO
2015-05-12 Name: The remote host is affected by a remote code execution vulnerability.
File: smb_nt_ms15-047.nasl - Type: ACT_GATHER_INFO
2015-03-11 Name: The remote host is affected by multiple remote code execution vulnerabilities.
File: smb_nt_ms15-022.nasl - Type: ACT_GATHER_INFO
2014-05-14 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms14-022.nasl - Type: ACT_GATHER_INFO
2013-12-11 Name: The remote mail server has multiple vulnerabilities.
File: smb_nt_ms13-105.nasl - Type: ACT_GATHER_INFO
2013-10-09 Name: The Microsoft Office component installed on the remote host is affected by mu...
File: smb_nt_ms13-085.nasl - Type: ACT_GATHER_INFO
2013-10-09 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms13-084.nasl - Type: ACT_GATHER_INFO
2013-10-09 Name: An application installed on the remote Mac OS X host is affected by a remote ...
File: macosx_ms13-085.nasl - Type: ACT_GATHER_INFO
2013-09-11 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms13-073.nasl - Type: ACT_GATHER_INFO
2013-09-11 Name: It is possible to execute arbitrary code on the remote host through Microsoft...
File: smb_nt_ms13-073.nasl - Type: ACT_GATHER_INFO
2013-09-11 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms13-067.nasl - Type: ACT_GATHER_INFO
2013-01-09 Name: Arbitrary code can be executed on the remote host through Microsoft XML Core ...
File: smb_nt_ms13-002.nasl - Type: ACT_GATHER_INFO
2012-10-10 Name: The remote host is affected by a privilege escalation vulnerability.
File: smb_nt_ms12-066.nasl - Type: ACT_GATHER_INFO
2012-07-11 Name: The remote host is affected by multiple privilege escalation and information ...
File: smb_nt_ms12-050.nasl - Type: ACT_GATHER_INFO