Executive Summary

Title Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (3058083)
Name MS15-047 First vendor Publication 2015-05-12
Vendor Microsoft Last vendor Modification 2015-05-12
Severity (Vendor) Important Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Cvss Base Score 6 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 6.8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores


Severity Rating: Important
Revision Note: V1.0 (May 12, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Office server and productivity software. The vulnerabilities could allow remote code execution if an authenticated attacker sends specially crafted page content to a SharePoint server. An attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account on the target SharePoint site.

Original Source

Url : https://technet.microsoft.com/en-us/library/security/MS15-047

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:28924
Oval ID: oval:org.mitre.oval:def:28924
Title: Microsoft SharePoint page content vulnerabilities – CVE-2015-1700 (MS15-047)
Description: Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "Microsoft SharePoint Page Content Vulnerabilities."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1700
Version: 4
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Product(s): Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Foundation 2013
Definition Synopsis:

CPE : Common Platform Enumeration

Application 1
Application 3

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-05-14 IAVM : 2015-A-0104 - Microsoft SharePoint Remote Code Execution Vulnerability (MS15-047)
Severity : Category II - VMSKEY : V0060645

Nessus® Vulnerability Scanner

Date Description
2015-05-12 Name : The remote host is affected by a remote code execution vulnerability.
File : smb_nt_ms15-047.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2015-10-18 17:26:33
  • Multiple Updates
2015-05-14 21:35:31
  • Multiple Updates
2015-05-13 17:29:40
  • Multiple Updates
2015-05-13 13:28:07
  • Multiple Updates
2015-05-12 21:30:29
  • Multiple Updates
2015-05-12 21:17:10
  • First insertion