CVE-2010-3964
Microsoft Sharepoint Server - Unrestricted File Upload
Title source: ruleDescription
Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/20122
metasploit
WORKING POC
EXCELLENT
by Oleksandr Mirosh, James Burton, Entomology: A Case Study of Rare and Interesting Bugs, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/ms10_104_sharepoint.rb
References (9)
Scores
EPSS
0.9060
EPSS Percentile
99.6%
Details
Status
published
Products (1)
microsoft/sharepoint_server
2007 sp2 (2 CPE variants)
Published
Dec 16, 2010
Tracked Since
Feb 18, 2026