Remote File Disclosure in Microsoft Office and SharePoint Products
CVE-2011-1892

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sharepoint Services; Sharepoint Server; Groove Server; Groove
Vendor: CVE Published:; 15 September 2011

Summary

Multiple Microsoft Office and SharePoint products have a vulnerability that arises from improper handling of Web Parts containing XML classes that reference external entities. This flaw enables remote authenticated users to exploit crafted XML and XSL files, potentially allowing unauthorized access to arbitrary files on the system. Admins and users of affected versions should consider applying updates and reviewing their security configurations to mitigate the risk associated with this vulnerability.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://securityreason.com/securityalert/8386

third-party-advisoryx_refsource_SREASON

http://www.us-cert.gov/cas/techalerts/TA11-256A.html

third-party-advisoryx_refsource_CERT

EPSS Score

57% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 15, 2011
Vulnerability Reserved
May 4, 2011