Lucene search
Markus Wulftange (@mwulftange)ZDI-19-814HistorySep 10, 2019 - 12:00 a.m.
Microsoft SharePoint Business Data Connectivity Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
2019-09-1000:00:00
Markus Wulftange (@mwulftange)
www.zerodayinitiative.com
17
EPSS
0.013
Percentile
86.1%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication as a high-privileged user is required to exploit this vulnerability. The specific flaw exists within the Business Data Connectivity Service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the SharePoint application pool identity.
Related
checkpoint_advisories
checkpoint_advisories
Microsoft SharePoint Remote Code Execution (CVE-2019-1295)
2019-09-10 00:00:00
mscve
mscve
Microsoft SharePoint Remote Code Execution Vulnerability
2019-09-10 07:00:00
symantec
symantec
Microsoft SharePoint CVE-2019-1295 Remote Code Execution Vulnerability
2019-09-10 00:00:00
mskb
mskb
prion
prion
Remote code execution
2019-09-11 22:15:00
Remote code execution
2019-09-11 22:15:00
Remote code execution
2019-09-11 22:15:00
cvelist
cvelist
nvd
nvd
cve
cve
nessus
nessus
Security Updates for Microsoft SharePoint Server (September 2019)
2019-09-13 00:00:00
qualysblog
qualysblog
kaspersky
kaspersky
KLA11551 Multiple vulnerability in Microsoft Office
2019-09-10 00:00:00
talosblog
talosblog