Oval Definition: oval:org.mitre.oval:def:12907
Revision Date: 2013-11-11
Version: 5
Title: SharePoint Remote File Disclosure Vulnerability
Description: Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
Family: windows
Class: vulnerability
Status: ACCEPTED
Reference(s): CVE-2011-1892
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Groove Server 2010
Microsoft Office Forms Server 2007
Microsoft Office Groove 2007
Microsoft Office Groove Management Server 2007
Microsoft Office Groove Server 2007 Data Bridge
Microsoft Office Web Apps 2010
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Microsoft SharePoint Workspace 2010
Microsoft Windows SharePoint Services 3.0
Microsoft Word Web App 2010
Definition Synopsis
  • Microsoft Office Groove 2007
    • Microsoft Office Groove 2007 is installed
    • AND Grooveutil.dll version is less than 12.0.6562.5000
  • OR Microsoft SharePoint Workspace 2010
    • Microsoft SharePoint Workspace 2010 is installed
    • AND Groove.exe version is less than 14.0.6106.5000
  • OR Microsoft Office Forms Server 2007
    • Microsoft Office Forms Server 2007 is installed
    • AND affected file
      • Pidval.exe version is less than 12.0.6562.5000
      • OR PidValidator.exe version is less than 12.0.6562.5000
  • Vulnerable Microsoft Office SharePoint Server 2007 (coreserver)
    • Microsoft Office SharePoint Server 2007 is installed.
    • AND the version of Osafehtm.dll is less than 12.0.6555.5000
  • Vulnerable Microsoft Office SharePoint Server 2007 (oserver/sserverx)
    • Microsoft Office SharePoint Server 2007 is installed.
    • AND affected file
      • Pidval.exe version is less than 12.0.6562.5000
      • OR PidValidator.exe version is less than 12.0.6562.5000
  • Vulnerable Microsoft Office SharePoint Server 2007 (dlc)
    • Microsoft Office SharePoint Server 2007 is installed.
    • AND Microsoft.office.policy.dll version is less than 12.0.6562.5000
  • Vulnerable Microsoft Office SharePoint Server 2010 (osrchwfe)
    • Microsoft Office SharePoint Server 2010 is installed.
    • AND Microsoft.SharePoint.Taxonomy.dll version is less than 14.0.6106.5001
  • Vulnerable Microsoft Office SharePoint Server 2010 (osrv/wosrv)
    • Microsoft Office SharePoint Server 2010 is installed.
    • AND Microsoft.office.server.dll version is less than 14.0.6106.5001
  • Vulnerable Microsoft Office SharePoint Server 2010 (ppsmawfe)
    • Microsoft Office SharePoint Server 2010 is installed.
    • AND Eawfap.dll version is less than 14.0.6106.5001
  • Vulnerable Microsoft Office SharePoint Server 2010 (dlc)
    • Microsoft Office SharePoint Server 2010 is installed.
    • AND Microsoft.office.policy.dll version is less than 14.0.6106.5001
  • Vulnerable Microsoft Office SharePoint Server 2010 (ppsmamui)
    • Microsoft Office SharePoint Server 2010 is installed.
    • AND Microsoft.SharePoint.Client.dll version is less than 14.0.6106.5001
  • OR Microsoft Office Groove Data Bridge Server 2007
    • Microsoft Office Groove Server 2007 Data Bridge is installed
    • AND Grooveutil.dll version is less than 4.2.2.2827
  • OR Microsoft Office Groove Server 2007 Manager
    • Microsoft Office Groove Server 2007 Manager is installed
    • AND Groove.management.server.dll version is less than 4.2.2.2827
  • OR Microsoft Groove Server 2010
    • Microsoft Groove Server 2010 is installed
    • AND Groove.management.server.dll version is less than 14.0.6106.5000
  • Vulnerable Microsoft Windows SharePoint Services 3.0
    • Microsoft Windows SharePoint Services 3.0 are installed
    • AND the version of Onetutil.dll is less than 12.0.6565.5001
  • Vulnerable Microsoft SharePoint Foundation 2010
    • Microsoft SharePoint Foundation 2010 is installed
    • AND OWSSVR.DLL version is less than 14.0.6106.5008