Microsoft SharePoint Picker.aspx deserialization vulnerability

Added: 03/03/2020
CVE: CVE-2019-0604
BID: 106914

Background

Microsoft SharePoint is a tool for management and automation of business processes, as well as a platform for social networking.

Problem

A deserialization vulnerability in Microsoft SharePoint allows remote attackers to execute arbitrary commands by sending a specially crafted request to the Picker.aspx resource.

Resolution

Apply the appropriate update referenced in Microsoft advisory CVE-2019-0604.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604

Platforms

Windows

Back to exploit index