#rce

August “In the Trend of VM” (#18): vulnerabilities in Microsoft Windows and SharePoint. A traditional monthly roundup – this time, it’s extremely short. 🗞 Post on Habr (rus)🗒 Digest on the PT website (rus) Only two trending vulnerabilities: 🔻 Remote Code Execution – Microsoft SharePoint Server “ToolShell” (CVE-2025-53770). The vulnerability is being widely exploited; attackers […]

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Monitoring Expert Vulnerabilities: Path Traversal, Deserialization of Untrusted Data, Server-Side Request Forgery 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to read arbitrary files from the target machine, or to access internal services directly. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports the following versions of EcoStruxure Power Monitoring Expert are affected: EcoStruxure Power Monitoring Expert: Version 13.1 3.2 VULNERABILITY OVERVIEW 3.2.1 PATH TRAVERSAL CWE-22 Schneider Electric EcoStruxure Power Monitoring Expert contains a directory traversal vulnerability, which may enable remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets executed. Authentication is required to exploit th...

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** A race condition is triggered when the admin begins administering from the host system and not a guest or nested guest.

**According to the CVSS metric, the privilege required is none (PR:N) and user interaction is none (UI:N). What does that mean for this vulnerability?** An attacker doesn't require any privileges on the systems hosting the web services. Successful exploitation of this vulnerability could cause Remote Code Execution or Information Disclosure on web services that are parsing documents that contain a specially crafted metafile, without the involvement of a victim user.

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.