MS11-074: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.

Synopsis :

The remote host is affected by multiple privilege escalation and
information disclosure vulnerabilities.

Description :

The version of SharePoint Services, SharePoint Server, Groove, or
Office Web Apps installed on the remote host has multiple privilege
escalation and information disclosure vulnerabilities.

A remote attacker could exploit them by tricking a user into making a
malicious request, resulting in arbitrary script code execution.

See also :

Solution :

Microsoft has released a set of patches for SharePoint Server 2007,
SharePoint Server 2010, SharePoint Workspace 2010, SharePoint
Foundation 2010, Office Groove 2007, Office Forms Server 2007, Office
Groove Server 2007, Office Groove Data Bridge Server 2007, Office
Groove Management Server 2007, Groove Server 2010, Windows SharePoint
Services 2.0, Windows SharePoint Services 3.0, Office Web Apps 2010,
and Word Web App 2010.

Risk factor :

Medium / CVSS Base Score : 5.8
CVSS Temporal Score : 4.8
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 56177 ()

Bugtraq ID: 48199

CVE ID: CVE-2011-0653

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial