VIR Vulnerability Intelligence Relay

CVE-2014-0251

critical
Published 2014-05-14 · Modified 2026-05-06
CVSS v3
VIR risk
9.0

Description

Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gold and SP1; SharePoint Server 2013 Client Components SDK; and SharePoint Designer 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerability."

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact
VendorProductVersionsFixed
windows microsoftoffice_web_apps_server2013
windows microsoftproject_server2010
windows microsoftproject_server2013
windows microsoftsharepoint_designer2007
windows microsoftsharepoint_designer2010
windows microsoftsharepoint_designer2013
windows microsoftsharepoint_foundation2010
windows microsoftsharepoint_foundation2013
windows microsoftsharepoint_server2007
windows microsoftsharepoint_server2010
windows microsoftsharepoint_server2013
windows microsoftsharepoint_server_client_components_sdk2013
windows microsoftsharepoint_services3.0
windows microsoftweb_applications2010

References

CWEs

CWE-94

💬 Discuss CVE-2014-0251 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.