Microsoft SharePoint Server Privilege Escalation Vulnerabilities
Summary
Credit:
The information has been provided by Drew Calcott of EY .
Details
Vulnerable Systems:
* Microsoft SharePoint Foundation 2010 SP2
Microsoft SharePoint Server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper sanitizing of page content in SharePoint lists. By convincing a victim to browse a specially modified SharePoint list, an authenticated attacker could exploit this vulnerability to execute arbitrary script with the same permissions as the victim.
CVE Information:
CVE-2014-4116
Disclosure Timeline:
Original release date: 11/11/2014
Last revised: 12/31/2014