CVE-2017-0107
Description
Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka Microsoft SharePoint XSS Vulnerability.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
2.318
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Office Compatibility Pack Service Pack 3 (KB3178677) | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Office Excel Viewer 2007 (KB3178680) | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Office Excel 2007 (KB3178676) | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Office 2010 (KB3178686) 64-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Office 2010 (KB3178686) 32-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Word Viewer (KB3178694) | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Word 2016 (KB3178674) 64-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Word 2016 (KB3178674) 32-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Office Word 2007 (KB3178683) | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Word 2013 (KB3172464) 64-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Word 2013 (KB3172464) 32-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Word 2010 (KB3178687) 32-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Excel 2010 (KB3178690) 64-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Excel 2010 (KB3178690) 32-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Excel 2016 (KB3178673) 64-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Excel 2016 (KB3178673) 32-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Excel 2013 (KB3172542) 64-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Excel 2013 (KB3172542) 32-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Office Web Apps Server 2013 (KB3172457) | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft SharePoint Foundation 2013 (KB3172540) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-22024 | Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3178677) |
| PATCH-22025 | Security Update for Microsoft Office Excel Viewer 2007 (KB3178680) |
| PATCH-22010 | Security Update for Microsoft Office Excel 2007 (KB3178676) |
| PATCH-22011 | Security Update for Microsoft Office 2010 (KB3178686) 64-Bit Edition |
| PATCH-22012 | Security Update for Microsoft Office 2010 (KB3178686) 32-Bit Edition |
| PATCH-22026 | Security Update for Word Viewer (KB3178694) |
| PATCH-22137 | Security Update for Microsoft Office Word 2007 (KB3178683) |
| PATCH-22019 | Security Update for Microsoft Word 2013 (KB3172464) 64-Bit Edition |
| PATCH-22018 | Security Update for Microsoft Word 2013 (KB3172464) 32-Bit Edition |
| PATCH-22015 | Security Update for Microsoft Word 2010 (KB3178687) 32-Bit Edition |
| PATCH-22014 | Security Update for Microsoft Excel 2010 (KB3178690) 64-Bit Edition |
| PATCH-22013 | Security Update for Microsoft Excel 2010 (KB3178690) 32-Bit Edition |
| PATCH-22021 | Security Update for Microsoft Excel 2016 (KB3178673) 64-Bit Edition |
| PATCH-22020 | Security Update for Microsoft Excel 2016 (KB3178673) 32-Bit Edition |
| PATCH-22017 | Security Update for Microsoft Excel 2013 (KB3172542) 64-Bit Edition |
| PATCH-22016 | Security Update for Microsoft Excel 2013 (KB3172542) 32-Bit Edition |
| PATCH-22136 | Security Update for Microsoft Office Web Apps Server 2013 (KB3172457) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234