Lucene search
Markus Wulftange (@mwulftange)ZDI-19-812HistorySep 10, 2019 - 12:00 a.m.
Microsoft SharePoint Business Data Connectivity Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
2019-09-1000:00:00
Markus Wulftange (@mwulftange)
www.zerodayinitiative.com
14
0.013 Low
EPSS
Percentile
86.1%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the Business Data Connectivity Service. A crafted request can trigger the deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the SharePoint application pool identity.
Related
symantec
symantec
Microsoft SharePoint CVE-2019-1257 Remote Code Execution Vulnerability
2019-09-10 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft SharePoint Remote Code Execution (CVE-2019-1257)
2019-09-10 00:00:00
mscve
mscve
Microsoft SharePoint Remote Code Execution Vulnerability
2019-09-10 07:00:00
cve
cve
nvd
nvd
prion
prion
Remote code execution
2019-09-11 22:15:00
Remote code execution
2019-09-11 22:15:00
Remote code execution
2019-09-11 22:15:00
cvelist
cvelist
mskb
mskb
nessus
nessus
Security Updates for Microsoft SharePoint Server (September 2019)
2019-09-13 00:00:00
qualysblog
qualysblog
threatpost
threatpost
Microsoft Addresses Two Zero-Days Under Active Attack
2019-09-10 19:54:07
kaspersky
kaspersky
KLA11551 Multiple vulnerability in Microsoft Office
2019-09-10 00:00:00
talosblog
talosblog