Published: 16/10/2020 Updated: 21/10/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Microsoft SharePoint could allow a remote malicious user to execute arbitrary code on the system, caused by the failure to check the source markup of an application package. By persuading a victim to upload a specially crafted SharePoint application package, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.

Vulnerability Trend

Mailing Lists

This Metasploit module exploits a server-side include (SSI) in SharePoint to leak the webconfig file and forge a malicious ViewState with the extracted validation key This exploit is authenticated and requires a user with page creation privileges, which is a standard permission in SharePoint The webconfig file will be stored in loot once retrie ...

Recent Articles

UK urges orgs to patch severe CVE-2020-16952 SharePoint RCE bug
BleepingComputer • Sergiu Gatlan • 16 Oct 2020

The U.K. National Cyber Security Centre (NCSC) today issued an alert highlighting the risks behind the recently addressed CVE2020-16952 remote code execution (RCE) vulnerability in Microsoft SharePoint Server.
NCSC, the cybersecurity arm of the UK's GCHQ intelligence service, urges organizations to make sure that all Microsoft SharePoint products in their environments are patched against CVE-2020-16952 to block takeover attempts.


October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug
Threatpost • Tara Seals • 13 Oct 2020

Microsoft has pushed out fixes for 87 security vulnerabilities in October – 11 of them critical – and one of those is potentially wormable.
There are also six bugs that were previously unpatched but publicly disclosed, which could give cybercriminals a leg up — and in fact at least one public exploit is already circulating for this group.
This month’s Patch Tuesday overall includes fixes for bugs in Microsoft Windows, Office and Office Services and Web Apps, Azure Functions, ...

The Register

In brief Just days after issuing fixes for scores of bugs in its products for this month's Patch Tuesday, Microsoft has issued two more patches for security holes that can be exploited by maliciously crafted files to run malware on victims' computers.
The first, CVE-2020-17023, is a Visual Studio issue that allows for remote code execution after getting the target to click on a specially crafted package.json file.
As for the second, CVE-2020-17022, that's a memory-handling bug in the...