HTTP: Microsoft SharePoint Server CVE-2013-1330 Remote Code Execution

This signature detects attempts to exploit a known vulnerability in the Microsoft SharePoint Server. A successful attack can lead to arbitrary code execution.

Extended Description

The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC Disabled Vulnerability."

Affected Products

Microsoft office_web_apps

References

CVE: CVE-2013-1330

Short Name
HTTP:MISC:MS-SHARE-POINT-RCE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2013-1330 Code Execution Microsoft Remote Server SharePoint
Release Date
11/26/2013
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3761
False Positive
Unknown
Vendors

Microsoft

CVSS Score

10.0

Found a potential security threat?