Microsoft SharePoint CVE-2013-0084 Directory Traversal Vulnerability

Bugtraq ID:	58370
Class:	Input Validation Error
CVE:	CVE-2013-0084
Remote:	Yes
Local:	No
Published:	Mar 12 2013 12:00AM
Updated:	Mar 12 2013 12:00AM
Credit:	Moritz Jodeit of n.runs AG
Vulnerable:	Microsoft SharePoint Server 2010 SP1 Microsoft SharePoint Foundation 2010 SP1
Not Vulnerable:

Microsoft SharePoint CVE-2013-0084 Directory Traversal Vulnerability

Microsoft SharePoint is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied data.

A remote attacker could exploit this vulnerability using directory-traversal strings (such as '../') to obtain sensitive information or elevate their privileges. This could help the attacker launch further attacks.

Microsoft SharePoint CVE-2013-0084 Directory Traversal Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Microsoft SharePoint CVE-2013-0084 Directory Traversal Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.


Microsoft SharePoint Foundation 2010 SP1

• Microsoft Security Update for Microsoft SharePoint Foundation 2010 (KB2687418)
  http://www.microsoft.com/downloads/details.aspx?familyid=293666ec-3290 -4c6f-a7f6-b44c9b7fa0a6

Microsoft SharePoint CVE-2013-0084 Directory Traversal Vulnerability

References:

• SharePoint Server Homepage (Microsoft)