Vulnerability Lab experts are responsible for identifying the vulnerability

Sep 11, 2013 09:46 GMT

Microsoft has released 13 security bulletins to address vulnerabilities in a wide range of products. One of the updates (MS13-067) addresses a Microsoft SharePoint Server 2013 issue identified by researchers from Vulnerability Lab, who have published a proof-of-concept for the flaw.

According to Vulnerability Lab, the issue was reported to Microsoft in February 2013.

The company released a fix for the issue in April. However, this new bulletin replaces the April update and fully addresses the vulnerability.

The high-impact security hole can be exploited by a remote attacker with low privileges to inject his own malicious script code into the vulnerable module of the software.

The flaw (CVE-2013-3179) can be exploited for session hijacking, phishing, stable external redirections, persistent context manipulation and for malware attacks, experts say.

“The vulnerability is located in the `Sharepoint Online Cloud 2013 Service` section when processing to request the `Berechtigungen für den Metadatenspeicher festlegen` module with manipulated ms-descriptionText > ctl00_PlaceHolderDialogBodySection_PlaceHolderDialogBodyMainSection_ValSummary parameters,” Vulnerability Lab noted in its report.

“The persistent injected script code execution occurs in the main `invalid BDC Übereinstimmung` web application exception-handling.”

Since Vulnerability Lab is based in Germany, the names of the impacted modules and parameters are in German. “Berechtigungen für den Metadatenspeicher festlegen” refers to the module that’s used to set permissions when storing metadata.

In a report issued on Tuesday, Symantec also published the details of the vulnerability identified by Benjamin Kunz Mejri, the CEO of Vulnerability Lab.

“An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to perform unauthorized actions such as reading, modifying, or deleting content on behalf of the victim on the SharePoint site,” Symantec noted.

Back in April, when it released the first update for the flaw, Microsoft explained the limitations of this exploit vector.

“The vulnerability could allow information disclosure if an attacker determined the address or location of a specific SharePoint list and gained access to the SharePoint site where the list is maintained. The attacker would need to be able to satisfy the SharePoint site's authentication requests to exploit this vulnerability,” Microsoft noted in its advisory.

Regarding their cooperation with Microsoft on addressing the vulnerability, Kunz Mejri told Softpedia, “Microsoft was cooperative, the security coordination manager was Brandon and the submission was 100% matching with the responsible disclosure policy of the Microsoft security response center.”

The proof-of-concept for this security hole is available on Vulnerability Lab’s website.

SharePoint Server 2013 users are advised to apply the updates as soon as possible to protect themselves against cyberattacks. The security update is cataloged as being critical.
