===================================================================== CERT-Renater Note d'Information No. 2014/VULN162 _____________________________________________________________________ DATE : 12/08/2014 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Microsoft SharePoint Server version 2013. ====================================================================== KB2977202 https://technet.microsoft.com/library/security/ms14-050 ______________________________________________________________________ Microsoft Security Bulletin MS14-050 - Important Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202) Published: August 12, 2014 Version: 1.0 General Information Executive Summary This security update resolves one privately reported vulnerability in Microsoft SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could use a specially crafted app to run arbitrary JavaScript in the context of the user on the current SharePoint site. This security update is rated Important for supported editions of Microsoft SharePoint Server 2013 and Microsoft SharePoint Foundation 2013. Affected Software Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2013 Service Pack 1 Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2013 Service Pack 1 Vulnerability Information SharePoint Page Content Vulnerability - CVE-2014-2816 An elevation of privilege vulnerability exists in SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could use a specially crafted app to run arbitrary code in the security context of the logged-on user. To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2014-2816. ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================