First published: Wed Oct 09 2013(Updated: )
Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability."
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Office Web Apps | =2010 | |
Microsoft SharePoint Server 2010 | =2007-sp3 | |
Microsoft SharePoint Server 2010 | =2010-sp1 | |
Microsoft SharePoint Server 2010 | =2010-sp2 | |
Microsoft SharePoint Server 2010 | =2013 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2013-3895 has a critical severity rating due to its potential to allow unauthorized actions through clickjacking attacks.
To fix CVE-2013-3895, apply the latest security updates provided by Microsoft for affected SharePoint and Office Web Apps versions.
CVE-2013-3895 affects Microsoft SharePoint Server 2007 SP3, 2010 SP1, 2010 SP2, and Microsoft Office Web Apps 2010.
CVE-2013-3895 allows remote attackers to conduct clickjacking attacks via crafted web pages.
CVE-2013-3895 is specifically a parameter injection vulnerability that is associated with clickjacking techniques.