OnlyFm252
Microsoft Office SharePoint

CVE-2019-1295 — Microsoft SharePoint Remote Code Execution Vulnerability

Critical EPSS 0.07784 2019-09 archive

Executive Summary

A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that a user access a susceptible API on an affected version of SharePoint with specially-formatted input. The security update addresses the vulnerability by correcting how SharePoint handles deserialization of untrusted data.

Overview

Critical
MS Severity
Not Exploited
MS Exploit Status
More Likely
MS Exploit Likelihood
Category Remote Code Execution
Released Sep 10 2019
Last Updated Sep 10 2019
Publicly Disclosed No
CISA KEV Not Listed
Known Exploits None Known
EPSS Score 0.07784 — 0.93885 percentile

EPSS Score

0.07784
probability of exploitation in the next 30 days
0.93885 percentile - updated 2026-06-20
View on FIRST.org

Affected Products

4 affected products
Product KB Article Severity Impact Restart Required
Microsoft SharePoint Enterprise Server 2016 4475590 (Security Update) Critical Remote Code Execution Maybe
Microsoft SharePoint Foundation 2010 Service Pack 2 4475605 (Security Update) Critical Remote Code Execution Maybe
Microsoft SharePoint Foundation 2013 Service Pack 1 4484098 (Security Update) Critical Remote Code Execution Maybe
Microsoft SharePoint Server 2019 4475596 (Security Update) Critical Remote Code Execution Maybe

Patches

4 patches
Article Type Restart
4475590 Security Update Maybe
4475605 Security Update Maybe
4484098 Security Update Maybe
4475596 Security Update Maybe

Known Exploits

Acknowledgments

@mwulftange ) working with Trend Micro's Zero Day Initiative

On This Page