CVE-2010-3964

Related Files

Microsoft Office SharePoint Server 2007 Remote Code Execution

Posted Jul 30, 2012

Authored by James Burton, juan, Oleksandr Mirosh | Site metasploit.com

This Metasploit module exploits a vulnerability found in SharePoint Server 2007 SP2. The software contains a directory traversal, that allows a remote attacker to write arbitrary files to the filesystem, sending a specially crafted SOAP ConvertFile request to the Office Document Conversions Launcher Service, which results in code execution under the context of 'SYSTEM'. The module uses uses the Windows Management Instrumentation service to execute an arbitrary payload on vulnerable installations of SharePoint on Windows 2003 Servers. It has been successfully tested on Office SharePoint Server 2007 SP2 over Windows 2003 SP2.

tags | exploit, remote, arbitrary, code execution

systems | windows

advisories | CVE-2010-3964, OSVDB-69817

SHA-256 | 7ad8e7d26bc7d8213c68e74fdb77fb2a0f223d16965a4e6425e8d2f9797435cd

Download | Favorite | View

Zero Day Initiative Advisory 10-287

Posted Dec 15, 2010

Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-287 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Sharepoint Server utilizing Microsoft's Office Document Load Balancer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Office Document Conversions Launcher service and occurs due to insufficient parameter validation on a particular SOAP request. Successful exploitation will allow an attacker to upload and execute an arbitrary file on the target server.

tags | advisory, remote, arbitrary

advisories | CVE-2010-3964

SHA-256 | 322eede1474adc2826f89bd0a74b567d46dfc161c36ec6602672c779b8c0671e

Download | Favorite | View