- May 4, 2019
- 801
In April 2020, Microsoft released four Critical and two Important-rated patches to fix remote code execution bugs in Microsoft SharePoint. All these are deserialization bugs. Two came through the ZDI program from an anonymous researcher: CVE-2020-0931 and CVE-2020-0932. This blog looks at that last CVE, also known as ZDI-20-468, in greater detail. Let’s start by taking a look at the bug in action.
Overview
This vulnerability allows authenticated users to execute arbitrary code on a SharePoint server. The code will execute in the context of the service account of the SharePoint web application. For a successful attack, the attacker must have the “Add or Customize Pages” permission on a SharePoint site or at least on one page on the site. However, the default configuration of SharePoint allows any authenticated user to create their own site with all the necessary permissions.
Zero Day Initiative — CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters
In April 2020, Microsoft released four Critical and two Important-rated patches to fix remote code execution bugs in Microsoft SharePoint. All these are deserialization bugs. Two came through the ZDI program from an anonymous researcher: CVE-2020-0931 and CVE-2020-0932 . This blog looks at that l
www.zerodayinitiative.com