MS13-084  Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution

2013-10-08 This security update resolves two privately reported vulnerabilities in Microsoft Office server software. The most severe vulnerability could allow remote code execution if a user opens a specially crafted Office file in an affected version of Microsoft SharePoint Server, Microsoft Office Services, or Web Apps.
Vulnerabilities addressed in this bulletin:

Microsoft Excel Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that affected Microsoft Office Services and Web Apps parse content in specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
CVE-2013-3889

Parameter Injection Vulnerability

A remote code execution vulnerability exists in the way that affected Microsoft Office An elevation of privilege vulnerability exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks and run script in the security context of the logged-on user.
CVE-2013-3895

Bulletin details at Microsoft.com