MS14 081 Vulnerability in SharePoint
Seems like this year has been really hard on Office Web Apps and Word Services within SharePoint 2010 / 2013 for security reasons.
Microsoft released another security bulletin that impacts:
- SharePoint 2010
- SharePoint 2013
- Office Web Apps 2013
- Microsoft Project Server 2010 / 2013
- and other application that leverages SharePoint platform
Here is the security bulletin that is ranked as critical.
Microsoft Security Bulletin MS14-081 – Critical
Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (3017301)
Following are the important resources on this issue.
- MS14-081: Vulnerabilities in Microsoft Word and Office Web Apps could allow remote code execution: December 9, 2014
- MS14-081: Description of the security update for SharePoint Server 2010: December 9, 2014
- CVE-ID Use After Free Word Remote Code Execution Vulnerability – CVE-2014-6357
- National Vulnerability Database
- US-Cert Security Bulletin
- Security Update for Microsoft SharePoint Server 2010 (KB2899581)
- Security Update for Microsoft SharePoint Enterprise Server 2013 (KB2883050)
- An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- The vulnerability cannot be exploited automatically through email. For an attack to be successful a user must open an attachment that is sent in an email message.
- In a web-based attack scenario, an attacker could host a website that contains a file that is used to attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted website. Instead, an attacker would have to convince them to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s site, and then convince them to open the specially crafted file in an affected version of Microsoft Office software.
No workaround available so far.