Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4
CVSSv2

CVE-2011-1892

Published: 15/09/2011 Updated: 12/10/2018
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 405
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Subscribe to Microsoft

Vulnerability Summary

Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft sharepoint workspace 2010

microsoft sharepoint server 2010

microsoft office web apps 2010

microsoft forms server 2007

microsoft groove server 2010

microsoft sharepoint services 3.0

microsoft sharepoint server 2007

microsoft sharepoint foundation 2010

microsoft groove 2007

microsoft groove data bridge server 2007

microsoft groove management server 2007

Exploits

Exploit DB: SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure (via XEE)
Exploit Title: File disclosure via XEE in SharePoint and DotNetNuke Date: September 15, 2011 Author: Nicolas Gregoire Version: SharePoint 2007 / 2010, DotNetNuke &lt; 6 CVE : CVE-2011-1892 poc filename: xeexml &lt;!DOCTYPE doc [ &lt;!ENTITY boom SYSTEM "c:\\windows\\system32\\drivers\\etc\\hosts"&gt; ]&gt; &lt;doc&gt;&amp;boom;&lt;/doc&gt; poc ...
Exploit DB: SharePoint 2007 / 2010 And DotNetNuke File Disclosure
SharePoint 2007 / 2010 and DotNetNuke versions prior to 6 suffer from a file disclosure vulnerability ...

References

CWE-200http://www.us-cert.gov/cas/techalerts/TA11-256A.htmlhttp://securityreason.com/securityalert/8386https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074https://nvd.nist.govhttps://www.exploit-db.com/exploits/17873/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook