MS15-047: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (3058083)

High Nessus Plugin ID 83357


The remote host is affected by a remote code execution vulnerability.


The remote Windows host has a version of Microsoft SharePoint Server that is affected by a remote code execution vulnerability due to not properly sanitizing specially crafted page content. An authenticated, remote attacker, by sending a malicious page to a SharePoint server, can exploit this to run arbitrary code in the security context of the W3WP service account.


Microsoft has released a set of patches for SharePoint Server 2007, 2010, and 2013.

See Also

Plugin Details

Severity: High

ID: 83357

File Name: smb_nt_ms15-047.nasl

Version: $Revision: 1.5 $

Type: local

Agent: windows

Published: 2015/05/12

Modified: 2017/07/24

Dependencies: 57033, 74250, 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:sharepoint_server

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/05/12

Vulnerability Publication Date: 2015/05/12

Reference Information

CVE: CVE-2015-1700

BID: 74480

OSVDB: 122007

MSFT: MS15-047

MSKB: 2760412, 2956192, 3017815, 3054792

IAVA: 2015-A-0104