Vulnerability Description
Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Sharepoint Server | 2007 |
References
- http://osvdb.org/69817
- http://secunia.com/advisories/42631Vendor Advisory
- http://www.securityfocus.com/bid/45264
- http://www.securitytracker.com/id?1024886
- http://www.us-cert.gov/cas/techalerts/TA10-348A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2010/3226Vendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-10-287/
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-10
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://osvdb.org/69817
- http://secunia.com/advisories/42631Vendor Advisory
- http://www.securityfocus.com/bid/45264
- http://www.securitytracker.com/id?1024886
- http://www.us-cert.gov/cas/techalerts/TA10-348A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2010/3226Vendor Advisory
FAQ
What is CVE-2010-3964?
CVE-2010-3964 is a vulnerability with a CVSS score of 7.5 (HIGH). Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allo...
How severe is CVE-2010-3964?
CVE-2010-3964 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3964?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Sharepoint Server.