all InfoSec news
CVE-2023–29357, CVE-2023–24955: Exploit Chain Released for Microsoft SharePoint Server Vulnerabilities
Cyber Exposure Alerts www.tenable.com
A proof-of-concept exploit chain has been released for two vulnerabilities in Microsoft SharePoint Server that can be exploited to achieve unauthenticated remote code execution.
Background
On September 25, STAR Labs researcher Nguyễn Tiến Giang (Jang) published a blog post outlining the successful chaining of CVE-2023–29357 and CVE-2023–24955 to achieve remote code execution (RCE) against Microsoft SharePoint Server. The exploit chain was demonstrated at the Zero Day Initiative’s (ZDI) Pwn2Own contest …
blog blog post code code execution concept cve exploit exploit chain exploited labs microsoft microsoft sharepoint proof proof-of-concept remote code remote code execution researcher september server sharepoint unauthenticated vulnerabilities