SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   Microsoft SharePoint Vendors:   Microsoft
Microsoft SharePoint Server Bugs in Oracle Outside In Libraries Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1027295
SecurityTracker URL:  http://securitytracker.com/id/1027295
CVE Reference:   CVE-2012-1766, CVE-2012-1767, CVE-2012-1768, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, CVE-2012-3109, CVE-2012-3110   (Links to External Site)
Date:  Jul 25 2012
Impact:   Execution of arbitrary code via network, User access via network
Vendor Confirmed:  Yes  
Version(s): 2010 SP1
Description:   Multiple vulnerabilities were reported in Microsoft SharePoint Server. A remote user can cause arbitrary code to be executed on the target system.

A user can upload a specially crafted file to a target site that uses FAST Search to index. When the FAST Search index parses the specially crafted file, arbitrary code will be executed. The code will run in the context of a user with a restricted token.

Only systems with FAST Search with Advanced Filter Pack enabled are affected [not the default configuration].

The vulnerabilities reside in third party libraries (Oracle Outside In libraries) distributed with these Microsoft products.
Impact:   A remote user can create a file that, when procesed, will execute arbitrary code on the target FAST Search enabled system.
Solution:   No solution was available at the time of this entry.

The vendor has described a workaround in their advisory.

The vendor's advisory is available at:

http://technet.microsoft.com/en-us/security/advisory/2737111
Vendor URL:  technet.microsoft.com/en-us/security/advisory/2737111 (Links to External Site)
Cause:   Input validation error
Underlying OS:   Windows (2003), Windows (2008)

Message History:   None.

 Source Message Contents
Date:  Wed, 25 Jul 2012 02:12:09 +0000
Subject:  Microsoft SharePoint Server 2010 SP1


FAST Search Server 2010 for SharePoint

http://technet.microsoft.com/en-us/security/advisory/2737111

CVE-2012-1766
CVE-2012-1767
CVE-2012-1768
CVE-2012-1769
CVE-2012-1770
CVE-2012-1771
CVE-2012-1772
CVE-2012-1773
CVE-2012-3106
CVE-2012-3107
CVE-2012-3108
CVE-2012-3109
CVE-2012-3110


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC