CyberSec.Space Logo
Back to CVE Browser

CVE-2013-1330

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0150%
EPSS Percentile14.58th
PublishedSep 11, 2013
Last ModifiedApr 29, 2026

Vulnerability Description

The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC Disabled Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

Sharepoint Foundation

= 2010
πŸ“¦
Microsoft

Sharepoint Foundation

= 2010
πŸ“¦
Microsoft

Sharepoint Portal Server

= 2003
πŸ“¦
Microsoft

Sharepoint Server

= 2007
πŸ“¦
Microsoft

Sharepoint Server

= 2010
πŸ“¦
Microsoft

Sharepoint Server

= 2010
πŸ“¦
Microsoft

Sharepoint Services

= 2.0
πŸ“¦
Microsoft

Sharepoint Services

= 3.0
πŸ“¦
Microsoft

Office Web Apps

= 2010

References & Advisories

πŸ”— http://www.us-cert.gov/ncas/alerts/TA13-253A
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-105
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19040
πŸ”— http://www.us-cert.gov/ncas/alerts/TA13-253A
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-105
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19040

Related Vulnerabilities

CVE-2015-16829.3

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP...

CVE-2014-28169.3

Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain...

CVE-2015-00859.3

Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Ex...

CVE-2014-02519.0

Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Fou...