===================================================================== CERT-Renater Note d'Information No. 2013/VULN138 _____________________________________________________________________ DATE : 10/04/2013 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S) : Systems running Microsoft SharePoint Server versions 2013. ====================================================================== KB2827663 https://technet.microsoft.com/en-us/security/bulletin/ms13-030 ______________________________________________________________________ Microsoft Security Bulletin MS13-030 - Important Vulnerability in SharePoint Could Allow Information Disclosure (2827663) Published Date: April 9, 2013 Version: 1.0 General Information Executive Summary This security update resolves a publicly disclosed vulnerability in Microsoft SharePoint Server. The vulnerability could allow information disclosure if an attacker determined the address or location of a specific SharePoint list and gained access to the SharePoint site where the list is maintained. The attacker would need to be able to satisfy the SharePoint site's authentication requests to exploit this vulnerability. This security update is rated Important for all supported editions of Microsoft SharePoint Server 2013. Affected Software Microsoft SharePoint Server 2013 (coreserver)(2760625) Microsoft SharePoint Server 2013 (sts) Incorrect Access Rights Information Disclosure Vulnerability - CVE-2013-1290 An information disclosure vulnerability exists in the way that SharePoint Server enforces access controls on specific SharePoint Lists. ====================================================================== ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================