MS13-013: Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2784242)

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.

Synopsis :

The remote Windows host is affected by multiple code execution

Description :

The remote host is using a vulnerable version of FAST Search Server
2010 for SharePoint. When the Advanced Filter Pack is enabled,
vulnerable versions of the Oracle Outside In libraries are used to parse
files. An attacker could exploit this by uploading a malicious file to
a site using FAST Search to index, which could result in arbitrary code

See also :

Solution :

Microsoft has released a set of patches for FAST Search Server 2010.

Risk factor :

Medium / CVSS Base Score : 6.9
CVSS Temporal Score : 5.1
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 64574 ()

Bugtraq ID: 55977

CVE ID: CVE-2012-3214

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now