Tag
#microsoft
**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.
**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.
**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.
**What type of privileges could an attacker gain through this vulnerability?** An attacker could use this vulnerability to elevate privileges from Low Integrity Level in a contained ("sandboxed") excution environment to escalate to a Medium Integrity Level or a High Integrity Level. Please refer to https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation and https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control
**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.
**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into opening a malicious MDB file in Access via ODBC, which could result in the attacker being able to execute arbitrary code on the victim's machine with the permission level at which Access is running.
**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.
**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** This vulnerability could lead to a contained execution environment escape. Please refer to https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation
**I am running SharePoint Enterprise Server 2013 Service Pack 1. Do I need to install both updates that are listed for SharePoint Enterprise Server 2013 Service Pack 1?** No. The Cumulative update for SharePoint Server 2013 includes the update for Foundation Server 2013. Customers running SharePoint Server 2013 Service Pack 1 can install the cumulative update or the security update, which is the same update as for Foundation Server 2013. Please note that this is a clarification of the existing servicing model for SharePoint Server 2013 and applies for all previous updates.
**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** This vulnerability could lead to a contained execution environment escape. Please refer to https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation