CVE-2010-3964
Microsoft SharePoint Server Arbitrary File Upload Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
Vulnerabilidad de subida de archivos sin restricciones en el Document Conversions Launcher Service en Microsoft Office SharePoint Server 2007 SP2, cuando Document Conversions Load Balancer Service está habilitado, permite a los atacantes remotos ejecutar código arbitrario mediante una solicitud SOAP diseñada al puerto TCP 8082, también se conoce como "Malformed Request Code Execution Vulnerability."
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Sharepoint Server utilizing Microsoft's Office Document Load Balancer. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Office Document Conversions Launcher service and occurs due to insufficient parameter validation on a particular SOAP request. Sucessful exploitation will allow an attacker to upload and execute an arbitrary file on the target server.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-10-14 CVE Reserved
- 2010-12-14 CVE Published
- 2012-07-31 First Exploit
- 2024-08-07 CVE Updated
- 2024-08-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/69817 | Vdb Entry | |
| http://www.securityfocus.com/bid/45264 | Vdb Entry | |
| http://www.securitytracker.com/id?1024886 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA10-348A.html | Third Party Advisory | |
| http://www.zerodayinitiative.com/advisories/ZDI-10-287 | X_refsource_misc |
|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11737 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/20122 | 2012-07-31 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/42631 | 2018-10-12 | |
| http://www.vupen.com/english/advisories/2010/3226 | 2018-10-12 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-104 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Sharepoint Server Search vendor "Microsoft" for product "Sharepoint Server" | 2007 Search vendor "Microsoft" for product "Sharepoint Server" and version "2007" | sp2, x32 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Sharepoint Server Search vendor "Microsoft" for product "Sharepoint Server" | 2007 Search vendor "Microsoft" for product "Sharepoint Server" and version "2007" | sp2, x64 |
Affected
| ||||||