Executive Summary

Title Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
Name MS08-077 First vendor Publication 2008-12-09
Vendor Microsoft Last vendor Modification 2008-12-09
Severity (Vendor) Important Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Revision Note: Bulletin published.Summary: This security update resolves a privately reported vulnerability. The vulnerability could allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site. A successful attack leading to elevation of privilege could result in denial of service or information disclosure.

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/MS08-077.mspx

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-287 Improper Authentication

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5774
Oval ID: oval:org.mitre.oval:def:5774
Title: Access Control Vulnerability
Description: Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-4032
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Office SharePoint Server 2007
Microsoft Search Server 2008
Definition Synopsis:

CPE : Common Platform Enumeration

Application 4
Application 2

OpenVAS Exploits

Date Description
2008-12-12 Name : Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of ...
File : nvt/secpod_ms08-077.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
50585 Microsoft Office SharePoint Server Administrative URL Security Bypass

SharePoint and Search Server contain a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a remote attacker is able to bypass authentication for some administrative pages. This flaw may lead to a loss of integrity.

Information Assurance Vulnerability Management (IAVM)

Date Description
2008-12-11 IAVM : 2008-B-0082 - Microsoft Office SharePoint Server and Microsoft Search Server Remote Privile...
Severity : Category I - VMSKEY : V0017911

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Office SharePoint Server elevation of privilege exploit attempt
RuleID : 15108 - Revision : 13 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2008-12-10 Name : A user can elevate his privileges through SharePoint.
File : smb_nt_ms08-077.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2014-02-17 11:46:09
  • Multiple Updates
2014-01-19 21:30:16
  • Multiple Updates
2013-11-11 12:41:10
  • Multiple Updates
2013-05-11 00:49:25
  • Multiple Updates