CVE-2010-3964

Sažetak

Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."

Reference

http://osvdb.org/69817
http://secunia.com/advisories/42631
http://www.securityfocus.com/bid/45264
http://www.securitytracker.com/id?1024886
http://www.us-cert.gov/cas/techalerts/TA10-348A.html
http://www.vupen.com/english/advisories/2010/3226
http://www.zerodayinitiative.com/advisories/ZDI-10-287/
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-104
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11737

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

12-10-2018 - 21:58

Objavljeno

16-12-2010 - 19:33