MS15-036: Vulnerabilities in Microsoft SharePoint Server Could Allow Elevation of Privilege (3052044)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is affected by multiple cross-site scripting
vulnerabilities.

Description :

The remote Windows host has a version of Microsoft SharePoint Server
installed that is affected by multiple cross-site scripting
vulnerabilities due to improper sanitization of specially crafted
requests. An authenticated attacker can exploit these vulnerabilities
to access unauthorized content and execute arbitrary script code in
the context of the current user.

See also :

https://technet.microsoft.com/library/security/MS15-036

Solution :

Microsoft has released a set of patches for SharePoint Server 2010 and
2013.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 82773 ()

Bugtraq ID: 73992
73999

CVE ID: CVE-2015-1640
CVE-2015-1653

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now