CVE Tools

CVE-2011-1892

Published: Sep 15, 2011Updated: Apr 29, 2026 Sources: CVE List NVDCWE-200

No Known Exploits

No Fix Available

Description

Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."

CVSS Vector Breakdown

Exploitability

AV:NAccess Vector

Network

AC:LAccess Complexity

Low

Au:SAuthentication

Single

Impact

C:PConfidentiality

Partial

I:NIntegrity

None

A:NAvailability

None

Open in CVSS calculator →

Weaknesses

Affected Products

forms server microsoft

On-prem

Operating Systems / windows

groove microsoft

On-prem

Operating Systems / windows

groove data bridge server microsoft

On-prem

Operating Systems / windows

groove management server microsoft

On-prem

Operating Systems / windows

groove server microsoft

On-prem

Communications / messaging-chat

microsoftcommercialUSOperating Systems

and 6 more affected products View all →

Exploitability

No known exploits, KEV entries, or remediation guidance available for this vulnerability yet.

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

MITRE ATT&CK

1 technique

Collection

View detailed technique mapping

References

http://securityreason.com/securityalert/8386

securityreason.com

http://www.us-cert.gov/cas/techalerts/TA11-256A.html

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074

docs.microsoft.com

and 1 more references View all →

Timeline

Published

Sep 15, 2011

Last Updated

Apr 29, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2011-1892 and every CVE in our database. Create a free account — no credit card required.

Create Free Account

Plain-language analysis

Impact assessment and exploitation scenario in plain English

Attack graph visualization

Interactive attack path and kill chain mapping

Exploit details & PoC links

ExploitDB, Metasploit, GitHub PoCs with direct links

Nuclei scanner templates

Ready-to-use vulnerability scanner templates

Full remediation guide

Patch instructions, workarounds, and compliance impact

Interactive AI chat

Ask questions about this vulnerability in natural language

Related vulnerabilities

Semantically similar CVEs and attack patterns

REST API & MCP access

Integrate vulnerability data into your workflows