Security Advisory - May 13, 2014

Zscaler Protects against SharePoint XSS and Internet Explorer Remote Code Execution Vulnerabilities

Zscaler, working with Microsoft through the MAPP program, has proactively deployed protections for the following 3 vulnerabilities included in the May 2014 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the May release and deploy additional protections as necessary.

MS14-022 - SharePoint XSS Vulnerability

Severity: Critical
Affected Software

  • SharePoint Server 2007
  • SharePoint Server 2010
  • SharePoint Server 2013
  • Office Web Apps 2010
  • Office Web Apps 2013
  • SharePoint Designer 2007
  • SharePoint Designer 2010
  • SharePoint Designer 2013

CVE-2014-1754 – SharePoint XSS Vulnerability

Description: An elevation of privilege vulnerability exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks and run script in the security context of the logged-on user.

MS14-029 - Cumulative Security Update for Internet Explorer

Severity: Critical
Affected Software

  • Internet Explorer 6-11

CVE-2014-1815 – SharePoint XSS Vulnerability
CVE-2014-0310 – SharePoint XSS Vulnerability

Description: Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.