Lucene search
Steven Seeley (mr_me) of Source InciteZDI-21-829HistoryJul 19, 2021 - 12:00 a.m.
Microsoft SharePoint CabUtility ExtractCab Directory Traversal Remote Code Execution Vulnerability
2021-07-1900:00:00
Steven Seeley (mr_me) of Source Incite
www.zerodayinitiative.com
86
0.019 Low
EPSS
Percentile
88.6%
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft SharePoint. User interaction is required to exploit this vulnerability. The specific flaw exists within the parsing of CAB files. When handling filenames specified within a CAB file, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the service account.
Related
cve
cve
CVE-2021-34468
2021-07-14 18:15:11
prion
prion
Remote code execution
2021-07-14 18:15:00
cvelist
cvelist
nvd
nvd
CVE-2021-34468
2021-07-14 18:15:11
mscve
mscve
Microsoft SharePoint Server Remote Code Execution Vulnerability
2021-07-13 07:00:00
mskb
mskb
nessus
nessus
Security Updates for Microsoft SharePoint Server 2019 (July 2021)
2021-07-13 00:00:00
Security Updates for Microsoft Sharepoint 2016 (July 2021)
2021-07-13 00:00:00
Security Updates for Microsoft SharePoint Server 2013 (July 2021)
2021-07-13 00:00:00
qualysblog
qualysblog
kaspersky
kaspersky
KLA12220 Multiple vulnerabilities in Microsoft Office
2021-07-13 00:00:00
threatpost
threatpost
Microsoft Crushes 116 Bugs, Three Actively Exploited
2021-07-13 21:26:27
rapid7blog
rapid7blog
Patch Tuesday - July 2021
2021-07-13 20:56:26