Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (3058083)
Published: May 12, 2015
Version: 1.0
Executive Summary
This security update resolves vulnerabilities in Microsoft Office server and productivity software. The vulnerabilities could allow remote code execution if an authenticated attacker sends specially crafted page content to a SharePoint server. An attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account on the target SharePoint site.
This security update is rated Important for supported editions of Microsoft SharePoint Server 2007, Microsoft SharePoint Server 2010, Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013, and Microsoft SharePoint Foundation 2013. For more information, see the Affected Software section.
The security update addresses the vulnerabilities by correcting how SharePoint Server sanitizes specially crafted page content. For more information about the vulnerabilities, see the Vulnerability Information section.
The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.
Why are some of the update files listed in this bulletin also denoted in other bulletins being released in May?
Several of the update files listed in this bulletin are also denoted in other bulletins being released in May due to overlaps in affected software. Although the different bulletins address separate security vulnerabilities, the security updates have been consolidated where possible and appropriate. Therefore some identical update files are present in multiple bulletins.
Note that identical update files being released with multiple bulletins do not need to be installed more than once.
There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Affected Software table for the software?
Yes. Customers should apply all updates offered for the software installed on their systems.
Severity Ratings and Vulnerability Identifiers
The following severity ratings assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the May bulletin summary.
Microsoft Server Software
Vulnerability Severity Rating and Maximum Security Impact by Affected Software
Microsoft SharePoint Server 2007 Service Pack 3 (32-bit editions) (2760412)
Important Remote Code Execution
Important
Microsoft SharePoint Server 2007 Service Pack 3 (64-bit editions) (2760412)
Important Remote Code Execution
Important
Microsoft SharePoint Server 2010
Microsoft SharePoint Foundation 2010 Service Pack 2 (3017815)
Important Remote Code Execution
Important
Microsoft SharePoint Server 2010 Service Pack 2 (2956192)
Important Remote Code Execution
Important
Microsoft SharePoint Server 2013
Microsoft SharePoint Foundation 2013 Service Pack 1 (3054792)
Important Remote Code Execution
Important
Vulnerability Information
Microsoft SharePoint Page Content Vulnerabilities - CVE-2015-1700
Remote code execution vulnerabilities exist when SharePoint Server improperly sanitizes specially crafted page content. An authenticated attacker could attempt to exploit these vulnerabilities by sending specially crafted page content to a SharePoint server. The attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account on the target SharePoint site. Systems that are running an affected version of SharePoint Server are primarily at risk.
The security update addresses the vulnerabilities by correcting how SharePoint Server sanitizes specially crafted page content.
Microsoft received information about the vulnerabilities through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft had not received any information to indicate that these vulnerabilities had been publicly used to attack customers.
To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2015-1700.
To exploit this vulnerability, an attacker must be able to authenticate on the target SharePoint site. Note that this is not a mitigating factor if the SharePoint site is configured to allow anonymous users to access the site. By default, anonymous access is not enabled.
Workarounds
Microsoft has not identified any workarounds for these vulnerabilities.
FAQ
Why is a single CVE Identifier assigned to multiple vulnerabilities?
Although the vulnerabilities are in different components of Microsoft SharePoint Server, they all share the same underlying issue and related code. The vulnerabilities are grouped into a single CVE Identifier that represents the underlying issue.
Security Update Deployment
For Security Update Deployment information, see the Microsoft Knowledge Base article referenced in the Executive Summary.
Acknowledgments
Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. See Acknowledgments for more information.
Disclaimer
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
As an Information Security Administrator, you plan and implement information security of sensitive data by using Microsoft Purview and related services. You’re responsible for mitigating risks by protecting data inside collaboration environments that are managed by Microsoft 365 from internal and external threats and protecting data used by AI services. You also implement information protection, data loss prevention, retention, insider risk management, and manage information security alerts and activities.