Microsoft SharePoint Server Privilege Escalation Vulnerabilities

Summary

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka ‘SharePoint Elevation of Privilege Vulnerability.’

Credit:

The information has been provided by Drew Calcott of EY.


Details

Vulnerable Systems:
 * Microsoft SharePoint Foundation 2010 SP2

Microsoft SharePoint Server could allow a remote authenticated attacker to gain elevated privileges on the system because page content in SharePoint lists is improperly sanitized. By convincing a victim to browse a specially modified SharePoint list, an authenticated attacker could exploit this vulnerability to execute arbitrary script with the same permissions as the victim.

CVE Information:
CVE-2014-4116

Disclosure Timeline:
Original release date: 11/11/2014
Last revised: 12/31/2014

Categories: Windows