MS10-104: Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution (2455005)

This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.

Synopsis :

The remote host has a remote code execution vulnerability.

Description :

The version of SharePoint Server 2007 running on the remote host has a
remote code execution vulnerability. The Document Conversions Launcher
Service does not properly validate SOAP requests before processing

A remote attacker could exploit this by submitting a specially crafted
SOAP request, resulting in arbitrary code execution in the security
context of a guest account.

See also :

Solution :

Microsoft has released a set of patches for SharePoint Server 2007.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 51176 ()

Bugtraq ID: 45264

CVE ID: CVE-2010-3964

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now