Security Team Intelligence
Trending CVEs for the Week of May 13th, 2019
- May 16, 2019
- Michael Tucker
CVE-2019-0604 – Microsoft SharePoint Remote Code Execution Vulnerability
Description
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. An attacker could exploit the flaw by uploading a specially crafted SharePoint application package to affected versions of the software.
Affected Products
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SharePoint Foundation 2010 Service Pack 2
- Microsoft SharePoint Foundation 2013 Service Pack 1
- Microsoft SharePoint Server 2010 Service Pack 2
- Microsoft SharePoint Server 2013 Service Pack 1
- Microsoft SharePoint Server 2019
Exploitation and Risk
Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected versions of SharePoint. The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.
Fixes
Users should update their systems as soon as possible. Patch can be found on the Microsoft Security Advisory.
