CVE-2014-0251

Published: May 14, 2014Modified: May 6, 2026

9.0

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability: 8.0 / Impact: 10.0

Source: NVD

Description

Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gold and SP1; SharePoint Server 2013 Client Components SDK; and SharePoint Designer 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerability."

Affected (24)

Products: Microsoft: Office Web Apps Server, Project Server, Sharepoint Designer, Sharepoint Foundation, Sharepoint Server, Sharepoint Server Client Components Sdk, Sharepoint Services, Web Applications

Microsoft

8 products

Office Web Apps Server

Project Server

Sharepoint Designer

Sharepoint Foundation

Sharepoint Server

Sharepoint Server Client Components Sdk

Sharepoint Services

Web Applications

Configuration A

24 vulnerable

Vulnerable Software	Affected Versions
Microsoft Office Web Apps Server	Version 2013
Microsoft Office Web Apps Server	Version 2013 sp1
Microsoft Project Server	Version 2010 sp1
Microsoft Project Server	Version 2010 sp2
Microsoft Project Server	Version 2013
Microsoft Project Server	Version 2013 sp1
Microsoft Sharepoint Designer	Version 2007 sp3
Microsoft Sharepoint Designer	Version 2010 sp1
Microsoft Sharepoint Designer	Version 2010 sp2
Microsoft Sharepoint Designer	Version 2013
Microsoft Sharepoint Designer	Version 2013 sp1
Microsoft Sharepoint Foundation	Version 2010 sp1
Microsoft Sharepoint Foundation	Version 2010 sp2
Microsoft Sharepoint Foundation	Version 2013
Microsoft Sharepoint Foundation	Version 2013 sp1
Microsoft Sharepoint Server	Version 2007 sp3
Microsoft Sharepoint Server	Version 2010 sp1
Microsoft Sharepoint Server	Version 2010 sp2
Microsoft Sharepoint Server	Version 2013
Microsoft Sharepoint Server	Version 2013 sp1
Microsoft Sharepoint Server Client Components Sdk	Version 2013
Microsoft Sharepoint Services	Version 3.0 sp3
Microsoft Web Applications	Version 2010 sp1
Microsoft Web Applications	Version 2010 sp2

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

http://www.securitytracker.com/id/1030227

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022

Source: secure@microsoft.com

http://www.securitytracker.com/id/1030227

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.