ID CVE-2018-1014
Summary An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1032, CVE-2018-1034.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
msbulletin via4
bulletin_SOURCE_FILE https://portal.msrc.microsoft.com/api/security-guidance/en-us/
cves_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1014
impact Elevation of Privilege
knowledgebase_SOURCE_FILE
knowledgebase_id
name Microsoft SharePoint Enterprise Server 2013 Service Pack 1
publishedDate 2018-04-10T07:00:00
severity Important
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS18_APR_SHAREPOINT.NASL
description The Microsoft SharePoint Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. (CVE-2018-1005) - An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted URL to a user of an affected SharePoint server. (CVE-2018-1014) - A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-1028) - An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. (CVE-2018-1032) - An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. (CVE-2018-1034)
last seen 2018-04-15
modified 2018-04-13
plugin id 109036
published 2018-04-13
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=109036
title Security Updates for Microsoft SharePoint Server (April 2018)
refmap via4
bid 103638
confirm https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1014
sectrack 1040666
Last major update 11-04-2018 - 21:29
Published 11-04-2018 - 21:29
Last modified 12-04-2018 - 21:29
Back to Top