{"uuid": "fab4bc29-e169-4823-ad5a-4efcb376f92b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0932", "type": "published-proof-of-concept", "source": "https://t.me/cKure/438", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Anonymous researcher reports #zeroday vulnerability in #SharePoint's #TypeConversion method causing Arbitrary #CodeExecution.\n\nTechnical: The vulnerability exists because SharePoint does not restrict available Types for properties when it parses the XML configuration of\u00a0WebParts. For a property, an attacker may specify a string and a type name, and SharePoint will attempt to convert the string using a\u00a0TypeConverter corresponding to the specified type. Some TypeConverters present in the SharePoint libraries can be used for arbitrary code execution.\nThe entry point for this attack is the\u00a0WebPartPages\u00a0web service found at:\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0http:///_vti_bin/WebPartPages.asmx\nWithin the implementation of this web service there are several methods that deal with parsing XML WebParts configuration, one of which is\u00a0RenderWebPartForEdit.\n\nhttps://www.zerodayinitiative.com/blog/2020/4/28/cve-2020-0932-remote-code-execution-on-microsoft-sharepoint-using-typeconverters", "creation_timestamp": "2020-04-30T08:39:08.000000Z"}