CVE-2010-3964

Related Files

Microsoft Office SharePoint Server 2007 Remote Code Execution

Posted Jul 30, 2012

Authored by James Burton, juan, Oleksandr Mirosh | Site metasploit.com

This Metasploit module exploits a vulnerability found in SharePoint Server 2007 SP2. The software contains a directory traversal, that allows a remote attacker to write arbitrary files to the filesystem, sending a specially crafted SOAP ConvertFile request to the Office Document Conversions Launcher Service, which results in code execution under the context of 'SYSTEM'. The module uses uses the Windows Management Instrumentation service to execute an arbitrary payload on vulnerable installations of SharePoint on Windows 2003 Servers. It has been successfully tested on Office SharePoint Server 2007 SP2 over Windows 2003 SP2.

tags | exploit, remote, arbitrary, code execution

systems | windows

advisories | CVE-2010-3964, OSVDB-69817

MD5 | aecf7d89719f33bb3c548cb8e12e80ff

Download | Favorite | View

Zero Day Initiative Advisory 10-287

Posted Dec 15, 2010

Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-287 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Sharepoint Server utilizing Microsoft's Office Document Load Balancer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Office Document Conversions Launcher service and occurs due to insufficient parameter validation on a particular SOAP request. Successful exploitation will allow an attacker to upload and execute an arbitrary file on the target server.

tags | advisory, remote, arbitrary

advisories | CVE-2010-3964

MD5 | 305fc6630f4b1610e42339c181e65e66

Download | Favorite | View