Trending CVEs for the Week of May 13th, 2019

CVE-2019-0604 – Microsoft SharePoint Remote Code Execution Vulnerability

Description

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’.  An attacker could exploit the flaw by uploading a specially crafted SharePoint application package to affected versions of the software.

Affected Products

  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Foundation 2010 Service Pack 2
  • Microsoft SharePoint Foundation 2013 Service Pack 1
  • Microsoft SharePoint Server 2010 Service Pack 2
  • Microsoft SharePoint Server 2013 Service Pack 1
  • Microsoft SharePoint Server 2019

Exploitation and Risk

Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected versions of SharePoint. The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.

Fixes

Users should update their systems as soon as possible. Patch can be found on the Microsoft Security Advisory.

References

National Vulnerability Database