CVE-2013-1330

CWE-20 — Improper Input Validation14 documents4 sources

Severity

10.0CRITICAL

EPSS

67.1%

top 1.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office WEB Apps Microsoft Sharepoint Foundation Microsoft Sharepoint Portal Server +2 more

Timeline

PublishedSep 11

Latest updateMay 14

Description

The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC Disabled Vulnerability."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages5 packages

▶NVDmicrosoft/sharepoint_portal_server2003

▶NVDmicrosoft/sharepoint_server2007, 2010+1

▶NVDmicrosoft/office_web_apps2010

▶NVDmicrosoft/sharepoint_services2.0, 3.0+1

▶NVDmicrosoft/sharepoint_foundation2010

🔴Vulnerability Details

GHSA

GHSA-hcc7-7rjj-r32g: The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 do↗2022-05-14

▶

CVEList

CVE-2013-1330: The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 do↗2013-09-11

▶

📋Vendor Advisories

Red Hat

mysql: unspecified DoS related to Server Optimizer (CPU July 2013)↗2013-07-17

▶

Red Hat

mysql: unspecified DoS related to Full Text Search (CPU July 2013)↗2013-07-17

▶

Red Hat

mysql: unspecified DoS related to Server Options (CPU July 2013)↗2013-07-17

▶

Red Hat

mysql: unspecified vulnerability related to Information Schema (CPU April 2013)↗2013-04-16

▶

Red Hat

mysql: unspecified vulnerability related to Server Privileges (CPU April 2013)↗2013-04-16

▶