Executive Summary

Summary
TitleVulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
Informations
NameMS08-077First vendor Publication2008-12-09
VendorMicrosoftLast vendor Modification2008-12-09
Severity (Vendor) ImportantRevision1.0

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: Bulletin published.Summary: This security update resolves a privately reported vulnerability. The vulnerability could allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site. A successful attack leading to elevation of privilege could result in denial of service or information disclosure.

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/MS08-077.mspx

CWE : Common Weakness Enumeration

%idName
100 %CWE-287Improper Authentication

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5774
 
Oval ID: oval:org.mitre.oval:def:5774
Title: Access Control Vulnerability
Description: Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-4032
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Office SharePoint Server 2007
Microsoft Search Server 2008
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application4
Application2

OpenVAS Exploits

DateDescription
2008-12-12Name : Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of ...
File : nvt/secpod_ms08-077.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
50585Microsoft Office SharePoint Server Administrative URL Security Bypass

Information Assurance Vulnerability Management (IAVM)

DateDescription
2008-12-11IAVM : 2008-B-0082 - Microsoft Office SharePoint Server and Microsoft Search Server Remote Privile...
Severity : Category I - VMSKEY : V0017911

Snort® IPS/IDS

DateDescription
2014-01-10Microsoft Office SharePoint Server elevation of privilege exploit attempt
RuleID : 15108 - Revision : 13 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

DateDescription
2008-12-10Name : A user can elevate his privileges through SharePoint.
File : smb_nt_ms08-077.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
DateInformations
2014-02-17 11:46:09
  • Multiple Updates
2014-01-19 21:30:16
  • Multiple Updates
2013-11-11 12:41:10
  • Multiple Updates
2013-05-11 00:49:25
  • Multiple Updates