Oval Definition:oval:org.mitre.oval:def:24567
Revision Date:2015-05-11Version:18
Title:SharePoint Page Content Vulnerabilities (CVE-2014-0251) - MS14-022
Description:Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gold and SP1; SharePoint Server 2013 Client Components SDK; and SharePoint Designer 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2014-0251
Platform(s):Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Expression Web
Microsoft Office Web Apps 2010
Microsoft Office Web Apps Server 2013
Microsoft Project Server 2010
Microsoft Project Server 2013
Microsoft SharePoint Designer 2007
Microsoft SharePoint Designer 2010
Microsoft SharePoint Designer 2013
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2013 Client Components SDK
Microsoft SharePoint Services 3.0
Definition Synopsis
  • sharepoint server 2007 sp3/version
  • Microsoft Office SharePoint Server 2007 SP3 is installed
  • AND either file versions
  • Check if the version of microsoft.office.server.conversions.dll is less than 12.0.6690.5000
  • OR Check if the version of microsoft.office.server.conversions.launcher.exe is less than 12.0.6690.5000
  • OR sharepoint services 3.0 sp3/version
  • Microsoft SharePoint Services 3.0 SP3 is installed
  • AND Check if the version of onetutil.dll is less than 12.0.6690.5000
  • OR foundation 2010/version
  • foundation 2010 sp1/sp2
  • Microsoft SharePoint Foundation 2010 Service Pack 1 is installed
  • OR Microsoft SharePoint Foundation 2010 Service Pack 2 is installed
  • AND Check if the version of onetutil.dll is less than 14.0.7123.5000
  • OR sharepoint server 2010/version
  • sharepoint server 2010 sp1/sp2
  • Microsoft SharePoint Server 2010 Service Pack 1 is installed
  • OR Microsoft SharePoint Server 2010 Service Pack 2 is installed
  • AND Check if the version of Microsoft.office.policy.dll is less than 14.0.7118.5000
  • OR foundation 2013/version
  • Check if the version of Microsoft.Office.Server.Msg.dll is less than 15.0.4514.1000
  • AND 2013/sp1
  • Microsoft SharePoint Server 2013 is installed
  • OR Microsoft SharePoint Server 2013 SP1 is installed
  • OR sharepoint foundation 2013/version
  • 2013/sp1
  • Microsoft SharePoint Foundation 2013 is installed
  • OR Microsoft SharePoint Foundation 2013 SP1 is installed
  • AND either versions
  • Check if the version of wsssetup.dll is less than 15.0.4615.1000
  • OR Check if the version of wsetupui.dll is less than 15.0.4561.1000
  • OR web apps/version
  • office web apps sp1/sp2
  • Microsoft Office Web Apps 2010 Service Pack 1 is installed
  • OR Microsoft Office Web Apps 2010 Service Pack 2 is installed
  • AND Check if the version of SWORD.DLL is less than 14.0.7123.5000
  • OR web apps server 2013/version
  • 2013/sp1
  • Microsoft Office Web Apps Server 2013 is installed
  • OR Microsoft Office Web Apps Server 2013 SP1 is installed
  • AND Check if the version of msoserver.dll is less than 15.0.4615.1000
  • OR designer 2010/version
  • sp1/sp2
  • Microsoft SharePoint Designer 2010 SP1 is installed
  • OR Microsoft SharePoint Designer 2010 SP2 is installed
  • AND Check if the version of Microsoft.web.design.client.dll is less than 14.0.7115.5000
  • OR designer 2013/version
  • either file versions
  • Check if the version of Fpexpsat.dll is less than 15.0.4567.1000
  • OR Check if the version of SPDESIGN.EXE is less than 15.0.4615.1000
  • AND 2013/sp1
  • Microsoft SharePoint Designer 2013 is installed
  • OR Microsoft SharePoint Designer 2013 SP1 is installed
  • OR SharePoint Server 2013 Client Components SDK/version
  • Microsoft SharePoint Server 2013 Client Components SDK is installed
  • AND Check if the version of Microsoft.sharepoint.client.dll is less than 15.0.4609.1000
  • OR project server 2010/version
  • sp1/sp2
  • Microsoft Project Server 2010 Service Pack 1 is installed
  • OR Microsoft Project Server 2010 Service Pack 2 is installed
  • AND Check if the version of Microsoft.office.project.server.pwa.applicationpages.dll is less than 14.0.7118.5000
  • OR designer 2007/version
  • Check if the version of spdesign.exe is less than 12.0.6652.5000
  • AND Microsoft SharePoint Designer 2007 SP3 is installed
  • OR expression web designer 2007 sp3/version
  • Check if the version of Microsoft.web.design.client.dll is less than 12.0.6690.5000
  • AND Microsoft Expression Web Service Pack 3 is installed
  • OR project server 2013/version
  • Check if the version of Microsoft.office.project.server.pwa.applicationpages.dll is less than 15.0.4569.1000
  • AND 2013/sp1
  • Microsoft Project Server 2013 SP1 is installed
  • OR Microsoft Project Server 2013 is installed
    • BACK