Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2013-1330 | First vendor Publication | 2013-09-11 |
Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC Disabled Vulnerability." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1330 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:19040 | |||
Oval ID: | oval:org.mitre.oval:def:19040 | ||
Title: | MAC disabled vulnerability in Microsoft SharePoint and Microsoft Exchange Server (CVE-2013-1330) - MS13-067, MS13-105 | ||
Description: | The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC Disabled Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1330 | Version: | 9 |
Platform(s): | Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Vista, Microsoft Windows XP | Product(s): | Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, Microsoft Exchange Server 2013, Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2007, Microsoft SharePoint Server 2010, Microsoft SharePoint Services 2.0, Microsoft SharePoint Services 3.0 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 2 | |
Application | 1 | |
Application | 3 | |
Application | 2 |
ExploitDB Exploits
id | Description |
---|---|
2014-01-27 | Oracle Outside In MDB - File Parsing Stack Based Buffer Overflow PoC |
2013-09-12 | Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Vulnerabili... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-12-12 | IAVM : 2013-A-0231 - Multiple Vulnerabilities in Microsoft Exchange Server Severity : Category I - VMSKEY : V0042592 |
2013-09-12 | IAVM : 2013-A-0174 - Multiple Remote Code Execution Vulnerabilities in Microsoft SharePoint Server Severity : Category II - VMSKEY : V0040292 |
Snort® IPS/IDS
Date | Description |
---|---|
2016-07-26 | Microsoft Office Excel RealTimeData record exploit attempt RuleID : 39347 - Revision : 2 - Type : FILE-OFFICE |
2016-07-26 | Microsoft Office Excel RealTimeData record exploit attempt RuleID : 39346 - Revision : 2 - Type : FILE-OFFICE |
2014-03-06 | Oracle Outside In OS2 metafile parser stack buffer overflow attempt RuleID : 29577 - Revision : 8 - Type : FILE-OTHER |
2014-03-06 | Oracle Outside In OS2 metafile parser stack buffer overflow attempt RuleID : 29576 - Revision : 8 - Type : FILE-OTHER |
2014-03-06 | Oracle Outside In OS2 metafile parser stack buffer overflow attempt RuleID : 29575 - Revision : 8 - Type : FILE-OTHER |
2014-03-06 | Oracle Outside In OS2 metafile parser stack buffer overflow attempt RuleID : 29574 - Revision : 8 - Type : FILE-OTHER |
2014-03-06 | Oracle Outside In OS2 metafile parser stack buffer overflow attempt RuleID : 29573 - Revision : 7 - Type : FILE-OTHER |
2014-03-06 | Oracle Outside In OS2 metafile parser stack buffer overflow attempt RuleID : 29572 - Revision : 7 - Type : FILE-OTHER |
2014-03-06 | Oracle Outside In OS2 metafile parser stack buffer overflow attempt RuleID : 29571 - Revision : 7 - Type : FILE-OTHER |
2014-03-06 | Oracle Outside In OS2 metafile parser stack buffer overflow attempt RuleID : 29570 - Revision : 7 - Type : FILE-OTHER |
2014-01-10 | Microsoft SharePoint self cross site scripting attempt RuleID : 27828 - Revision : 3 - Type : SERVER-WEBAPP |
2014-01-10 | Microsoft SharePoint self cross site scripting attempt RuleID : 27827 - Revision : 3 - Type : SERVER-WEBAPP |
2014-01-10 | Microsoft SharePoint self cross site scripting attempt RuleID : 27826 - Revision : 3 - Type : SERVER-WEBAPP |
2014-01-10 | Microsoft Office SharePoint malicious serialized viewstate evaluation attempt RuleID : 27823 - Revision : 3 - Type : SERVER-WEBAPP |
2014-01-10 | Microsoft SharePoint denial of service attempt RuleID : 27819 - Revision : 3 - Type : SERVER-OTHER |
2014-01-10 | Microsoft SharePoint denial of service attempt RuleID : 27818 - Revision : 3 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-12-11 | Name : The remote mail server has multiple vulnerabilities. File : smb_nt_ms13-105.nasl - Type : ACT_GATHER_INFO |
2013-09-11 | Name : The remote host is affected by multiple vulnerabilities. File : smb_nt_ms13-067.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2024-11-28 12:33:53 | |
2021-05-04 12:24:16 | |
2021-04-22 01:29:05 | |
2020-05-23 00:36:25 | |
2018-10-13 05:18:39 | |
2017-09-19 09:25:52 | |
2016-06-28 19:21:36 | |
2014-02-17 11:17:27 | |
2014-01-19 21:29:14 | |
2013-12-13 21:19:25 | |
2013-12-13 13:19:17 | |
2013-11-11 12:40:19 | |
2013-11-04 21:26:06 | |
2013-10-11 13:25:41 | |
2013-09-11 21:19:52 | |