Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2010-3964 | First vendor Publication | 2010-12-16 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability." |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3964 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:11737 | |||
| Oval ID: | oval:org.mitre.oval:def:11737 | ||
| Title: | Malformed Request Code Execution Vulnerability | ||
| Description: | Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3964 | Version: | 4 |
| Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | Microsoft Office SharePoint Server 2007 |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 |
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft SharePoint Office Document Load Balancer SOAP Vulnerability | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2012-07-31 | Microsoft Office SharePoint Server 2007 Remote Code Execution |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-12-29 | Name : Microsoft SharePoint Could Allow Remote Code Execution Vulnerability (2455005) File : nvt/secpod_ms10-104.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 69817 | Microsoft SharePoint Office Document Load Balancer Crafted SOAP Request Remot... Microsoft SharePoint contains a flaw related to a validation error when processing SOAP requests sent to the Document Conversions Launcher Service. The issue is triggered when a remote attacker uses a specially crafted request to upload an arbitrary file to an affected server. This may allow an attacker to execute arbitrary code. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Office SharePoint document conversion remote code excution attempt RuleID : 18238 - Revision : 13 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-12-15 | Name : The remote host has a remote code execution vulnerability. File : smb_nt_ms10-104.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:06:42 |
|
| 2024-11-28 12:23:22 |
|
| 2021-05-04 12:12:45 |
|
| 2021-04-22 01:13:22 |
|
| 2020-05-23 00:26:46 |
|
| 2018-10-13 00:23:01 |
|
| 2017-09-19 09:24:02 |
|
| 2016-06-28 18:21:28 |
|
| 2016-04-26 20:11:15 |
|
| 2014-02-17 10:58:16 |
|
| 2014-01-19 21:27:14 |
|
| 2013-05-10 23:35:36 |
|
