CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Percentile: 99.8%
Added: 11/23/2011
CVE: CVE-2010-3964
BID: 45264
OSVDB: 69817
Microsoft SharePoint is a web application platform that provides web content management and document management as an aid to collaboration among users. SharePoint's multi-purpose design allows for managing and provisioning of intranet portals, extranets, websites, document and file management, collaboration spaces, social tools, enterprise search, business intelligence, process integration, system integration, workflow automation, and core infrastructure for third-party solutions.
The Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2 contains an arbitrary file upload vulnerability due to improper validation when processing SOAP requests. A remote attacker could execute arbitrary code in the security context of a guest user by sending a specially crafted SOAP request to the Document Conversions Launcher Service on TCP port 8082 in a SharePoint server environment that is using the Document Conversions Load Balancer Service. By default, the Document Conversions Load Balancer Service and Document Conversions Launcher Service are not enabled in Microsoft Office SharePoint Server 2007.
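As an added example (not part of the original advisory or of any vendor tooling), the following Python check reads Windows Firewall log records and lists inbound TCP connections to the launcher port 8082 that come from hosts outside the SharePoint farm. The farm server addresses, the premise that only farm servers should reach that port, and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress

LAUNCHER_PORT = 8082  # Document Conversions Launcher Service port named in the advisory
# Assumption: the only hosts expected to contact the launcher are these farm servers.
FARM_SERVERS = {ipaddress.ip_address("10.0.5.10"), ipaddress.ip_address("10.0.5.11")}

# Constructed sample in the Windows Firewall log (pfirewall.log) layout.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2011-11-23 09:14:02 ALLOW TCP 10.0.5.10 10.0.5.20 49301 8082 0 - 0 0 0 - - - RECEIVE
2011-11-23 09:15:40 ALLOW TCP 192.0.2.77 10.0.5.20 51544 8082 0 - 0 0 0 - - - RECEIVE
2011-11-23 09:15:41 ALLOW TCP 192.0.2.77 10.0.5.20 51545 443 0 - 0 0 0 - - - RECEIVE
2011-11-23 09:16:05 DROP TCP 198.51.100.9 10.0.5.20 40022 8082 0 - 0 0 0 - - - RECEIVE
2011-11-23 09:17:12 ALLOW UDP 192.0.2.77 10.0.5.20 5353 8082 0 - - - - - - - RECEIVE
"""

def parse_firewall_log(text):
    """Yield one dict per record, using the column names from the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed records
                yield dict(zip(fields, values))

def unexpected_launcher_connections(text, allowed=FARM_SERVERS, port=LAUNCHER_PORT):
    """Return inbound TCP records to the launcher port from hosts outside the farm."""
    hits = []
    for rec in parse_firewall_log(text):
        if rec["protocol"] != "TCP" or rec["dst-port"] != str(port):
            continue
        if rec.get("path", "RECEIVE") != "RECEIVE":  # no path column: treat as inbound
            continue
        try:
            src = ipaddress.ip_address(rec["src-ip"])
        except ValueError:
            continue  # unparseable source address, not a usable record
        if src not in allowed:
            hits.append((rec["date"], rec["time"], rec["action"], rec["src-ip"]))
    return hits

if __name__ == "__main__":
    for hit in unexpected_launcher_connections(SAMPLE_LOG):
        print(*hit)
```

An ALLOW record in the result means the launcher port was reachable from outside the farm; a DROP record shows the firewall rule holding while something probed it.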
Apply the patch found in Microsoft Security Bulletin 10-104.
<http://technet.microsoft.com/en-us/security/bulletin/MS10-104>
<http://www.cvedetails.com/cve/CVE-2010-3964/>
Exploit works on Microsoft Office SharePoint Server 2007 SP2.
Both the Document Conversions Launcher Service and Document Conversions Load Balancer Service must be enabled for SharePoint on the target system.
To open the shell connection, the target machine must reboot after the exploit script runs.
Windows