This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Microsoft
Product: Sharepoint Designer
Version: 2013
First view: 2008-07-07
Last view: 2020-10-16
Type:
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:

COMMON PLATFORM ENUMERATION: Distribution per Version

CPE Name Affected CVE
cpe:2.3:a:microsoft:sharepoint_designer:2013:sp1:*:*:*:*:*:* 8
cpe:2.3:a:microsoft:sharepoint_designer:2007:sp3:*:*:*:*:*:* 7
cpe:2.3:a:microsoft:sharepoint_designer:2010:sp2:*:*:*:*:*:* 5
cpe:2.3:a:microsoft:sharepoint_designer:2007:*:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:sharepoint_designer:2013:*:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:sharepoint_designer:2010:sp1:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
8.7 2020-10-16 CVE-2020-16946

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.

5.5 2020-08-17 CVE-2020-1573

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.

7.8 2016-09-14 CVE-2016-3365

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3362.

7.8 2016-09-14 CVE-2016-3362

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3365.

7.8 2016-09-14 CVE-2016-3360

Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office Compatibility Pack SP3, PowerPoint Viewer, SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

7.8 2016-09-14 CVE-2016-3358

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

7.8 2016-04-12 CVE-2016-0136

Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

7.8 2016-02-10 CVE-2016-0054

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3 2015-07-14 CVE-2015-2376

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Office for Mac 2011, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9 2014-05-14 CVE-2014-0251

Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gold and SP1; SharePoint Server 2013 Client Components SDK; and SharePoint Designer 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerability."

7.5 2008-07-07 CVE-2008-3068

Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.

CWE : Common Weakness Enumeration

% id Name
70% (7) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
20% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
10% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:24567 SharePoint Page Content Vulnerabilities (CVE-2014-0251) - MS14-022
oval:org.mitre.oval:def:29245 Microsoft Office memory corruption vulnerability - CVE-2015-2376 (MS15-070)
oval:org.mitre.oval:def:28959 Microsoft Office memory corruption vulnerability – CVE-2015-2376 (MS15-070) (...

Open Source Vulnerability Database (OSVDB)

id Description
47004 Microsoft Crypto API S/MIME X.509 Certificate CRL Check Remote Information Di...

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0163 Multiple Vulnerabilities in Microsoft Office (MS15-070)
Severity: Category II - VMSKEY: V0061121
2014-A-0074 Multiple Vulnerabilities in Microsoft Office SharePoint Server
Severity: Category II - VMSKEY: V0050449

Snort® IPS/IDS

Date Description
2016-10-13 Microsoft Office PowerPoint ppcore invalid pointer reference attempt
RuleID : 40148 - Type : FILE-OFFICE - Revision : 3
2016-10-13 Microsoft Office PowerPoint ppcore invalid pointer reference attempt
RuleID : 40147 - Type : FILE-OFFICE - Revision : 3
2016-10-11 Microsoft Office Excel xlsb use-after-free attempt
RuleID : 40117 - Type : FILE-OFFICE - Revision : 3
2016-10-11 Microsoft Office Excel xlsb use-after-free attempt
RuleID : 40116 - Type : FILE-OFFICE - Revision : 3
2016-10-11 Microsoft Office Excel xlsb use-after-free attempt
RuleID : 40105 - Type : FILE-OFFICE - Revision : 3
2016-10-11 Microsoft Office Excel xlsb use-after-free attempt
RuleID : 40104 - Type : FILE-OFFICE - Revision : 3
2016-10-11 Microsoft Office Excel xlsb use-after-free attempt
RuleID : 40103 - Type : FILE-OFFICE - Revision : 3
2016-10-11 Microsoft Office Excel xlsb use-after-free attempt
RuleID : 40102 - Type : FILE-OFFICE - Revision : 3
2016-10-11 Microsoft Office Excel LPenHelper out of bounds write attempt
RuleID : 40076 - Type : FILE-OFFICE - Revision : 3
2016-10-11 Microsoft Office Excel LPenHelper out of bounds write attempt
RuleID : 40075 - Type : FILE-OFFICE - Revision : 3
2016-03-14 Microsoft Office Excel formula length heap corruption attempt
RuleID : 37593 - Type : FILE-OFFICE - Revision : 3
2016-03-14 Microsoft Office Excel formula length heap corruption attempt
RuleID : 37592 - Type : FILE-OFFICE - Revision : 3
2016-03-14 Microsoft Office Excel MdCallBack out of bounds read attempt
RuleID : 36752 - Type : FILE-OFFICE - Revision : 6
2016-03-14 Microsoft Office Excel MdCallBack out of bounds read attempt
RuleID : 36751 - Type : FILE-OFFICE - Revision : 6
2015-08-14 Microsoft Office Excel out of bounds memory access attempt
RuleID : 35138 - Type : FILE-OFFICE - Revision : 2
2015-08-14 Microsoft Office Excel out of bounds memory access attempt
RuleID : 35137 - Type : FILE-OFFICE - Revision : 3

Nessus® Vulnerability Scanner

Date Description
2016-09-15 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms16-107_office.nasl - Type: ACT_GATHER_INFO
2016-09-14 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: smb_nt_ms16-107.nasl - Type: ACT_GATHER_INFO
2016-04-12 Name: An application installed on the remote Windows host is affected by multiple r...
File: smb_nt_ms16-042.nasl - Type: ACT_GATHER_INFO
2016-02-22 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms16-015_office.nasl - Type: ACT_GATHER_INFO
2016-02-09 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms16-015.nasl - Type: ACT_GATHER_INFO
2015-07-14 Name: An application installed on the remote Mac OS X host is affected by multiple ...
File: macosx_ms15-070_office_2011.nasl - Type: ACT_GATHER_INFO
2015-07-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-070.nasl - Type: ACT_GATHER_INFO
2014-05-14 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms14-022.nasl - Type: ACT_GATHER_INFO