Microsoft SharePoint Remote Code Execution Vulnerability

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

N/A

Microsoft SharePoint 安全漏洞

Microsoft SharePoint是美国微软（Microsoft）公司的一套企业业务协作平台。该平台用于对业务信息进行整合，并能够共享工作、与他人协同工作、组织项目和工作组、搜索人员和信息。 Microsoft SharePoint 中存在安全漏洞。该漏洞源于当软件无法检查应用程序包的源标记时,存在远程执行代码漏洞。攻击者可以利用该漏洞获取与用户相同权限。以下产品及版本受到影响： Microsoft SharePoint Enterprise Server 2016版本， Microsoft Sha

N/A

N/A