CVE-2013-1330: Input Validation
First published: Wed Sep 11 2013(Updated: )
The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC Disabled Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft SharePoint Foundation | =2010-sp1 | |
| Microsoft SharePoint Foundation | =2010-sp2 | |
| Microsoft SharePoint Portal Server | =2003-sp3 | |
| Microsoft SharePoint Server | =2007-sp3 | |
| Microsoft SharePoint Server | =2010-sp1 | |
| Microsoft SharePoint Server | =2010-sp2 | |
| Microsoft Sharepoint Services | =2.0 | |
| Microsoft Sharepoint Services | =3.0 | |
| Microsoft Office Web Apps | =2010-sp1 | |
| Microsoft Office Web Apps | =2010-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-1330?
CVE-2013-1330 has a severity level that can allow remote code execution if exploited.
How do I fix CVE-2013-1330?
To fix CVE-2013-1330, apply the latest security updates provided by Microsoft for affected SharePoint and Office Web Apps versions.
Which software is affected by CVE-2013-1330?
CVE-2013-1330 affects Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3, SharePoint Server 2010 SP1 and SP2, and Office Web Apps 2010.
What vulnerabilities are similar to CVE-2013-1330?
Similar vulnerabilities include issues with the EnableViewStateMac attribute that can lead to information disclosure and remote code execution.
How can I determine if my system is vulnerable to CVE-2013-1330?
You can determine if your system is vulnerable to CVE-2013-1330 by checking the configuration of the affected SharePoint products and ensuring all relevant updates are applied.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/tags
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- vendor/microsoft
- canonical/microsoft sharepoint foundation
- version/microsoft sharepoint foundation/2010-sp1
- version/microsoft sharepoint foundation/2010-sp2
- canonical/microsoft sharepoint portal server
- version/microsoft sharepoint portal server/2003-sp3
- canonical/microsoft sharepoint server
- version/microsoft sharepoint server/2007-sp3
- version/microsoft sharepoint server/2010-sp1
- version/microsoft sharepoint server/2010-sp2
- canonical/microsoft sharepoint services
- version/microsoft sharepoint services/2.0
- version/microsoft sharepoint services/3.0
- canonical/microsoft office web apps
- version/microsoft office web apps/2010-sp1
- version/microsoft office web apps/2010-sp2