=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2010/VULN539
_____________________________________________________________________

DATE                      : 15/12/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows Server 2003, Windows Server 2008
                             running Microsoft SharePoint Server version 2007.

======================================================================
KB2455005
http://www.microsoft.com/technet/security/Bulletin/MS10-104.mspx
______________________________________________________________________

Microsoft Security Bulletin MS10-104 - Important
Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution
(2455005)

Version: 1.0

General Information

Executive Summary

  This security update resolves a privately reported vulnerability in Microsoft
  SharePoint. The vulnerability could allow remote code execution in the
  security context of a guest user if an attacker sent a specially crafted SOAP
  request to the Document Conversions Launcher Service in a SharePoint server
  environment that is using the Document Conversions Load Balancer Service. By
  default, the Document Conversions Load Balancer Service and Document
  Conversions Launcher Service are not enabled in Microsoft Office SharePoint
  Server 2007.

  This security update is rated Important for all supported editions of
  Microsoft Office SharePoint Server 2007. For more information, see the
  subsection, Affected and Non-Affected Software, in this section.

  The update addresses the vulnerability by modifying the way that the Document
  Conversion Launcher Service validates specially crafted SOAP requests. For
  more information about the vulnerability, see the Frequently Asked Questions
  (FAQ) subsection for the specific vulnerability entry under the next section,
  Vulnerability Information.

Affected Software

  Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit editions)
  (KB2433089)
  Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit editions)
  (KB2433089)

Vulnerability Information

Malformed Request Code Execution Vulnerability - CVE-2010-3964

  A remote code execution vulnerability exists in the way that the Document
  Conversions Launcher Service validates SOAP requests before processing on a
  SharePoint server. An attacker who successfully exploited this vulnerability
  could run arbitrary code on an affected SharePoint server under the security
  context of a guest account.

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================