Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-3964

Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."

Published

2010-12-16T19:33:03.367

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	microsoft	sharepoint_server	2007	Yes
Application	microsoft	sharepoint_server	2007	Yes

References

http://osvdb.org/69817 ([email protected])
http://secunia.com/advisories/42631 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/45264 ([email protected])
http://www.securitytracker.com/id?1024886 ([email protected])
http://www.us-cert.gov/cas/techalerts/TA10-348A.html US Government Resource ([email protected])
http://www.vupen.com/english/advisories/2010/3226 Vendor Advisory ([email protected])
http://www.zerodayinitiative.com/advisories/ZDI-10-287/ ([email protected])
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-104 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11737 ([email protected])
http://osvdb.org/69817 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42631 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/45264 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1024886 (af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA10-348A.html US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/3226 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.zerodayinitiative.com/advisories/ZDI-10-287/ (af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-104 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11737 (af854a3a-2127-422b-91ae-364da2661108)