| Title | 複数の Microsoft 製品における任意のファイルを読まれる脆弱性 |
|---|---|
| Summary | 複数の Microsoft 製品には、外部エンティティを参照する XML クラスを含む Web Parts を適切に処理しないため、任意のファイルを読まれる脆弱性が存在します。 |
| Possible impacts | リモート認証されたユーザにより、巧妙に細工された XML と XSL ファイルを介して、任意のファイルを読まれる可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Sept. 13, 2011, midnight |
| Registration Date | Oct. 21, 2011, 3:18 p.m. |
| Last Update | Oct. 21, 2011, 3:18 p.m. |
| CVSS2.0 : 警告 | |
| Score | 4 |
|---|---|
| Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| マイクロソフト |
| Microsoft Groove Server 2010 |
| Microsoft Office Forms Server 2007 (32-bit editions) |
| Microsoft Office Forms Server 2007 (64-bit editions) |
| Microsoft Office Groove 2007 |
| Microsoft Office Groove Data Bridge Server 2007 |
| Microsoft Office Groove Management Server 2007 |
| Microsoft Office SharePoint Server 2007 (32-bit editions) |
| Microsoft Office SharePoint Server 2007 (64-bit editions) |
| Microsoft Office SharePoint Server 2010 |
| Microsoft Office Web Apps 2010 |
| Microsoft SharePoint Foundation 2010 |
| Microsoft SharePoint Workspace 2010 (32-bit editions) |
| Microsoft SharePoint Workspace 2010 (64-bit editions) |
| Microsoft Windows SharePoint Services 3.0 (32-bit versions) |
| Microsoft Windows SharePoint Services 3.0 (64-bit versions) |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2011年10月21日] 掲載 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability." |
|---|---|
| Publication Date | Sept. 15, 2011, 9:26 p.m. |
| Registration Date | Jan. 28, 2021, 4:38 p.m. |
| Last Update | Nov. 21, 2024, 10:27 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x32:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x64:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:groove_server:2010:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:groove:2007:sp2:*:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:groove_server:2010:sp1:*:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:sharepoint_workspace:2010:*:x32:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x64:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:groove_data_bridge_server:2007:sp2:*:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:forms_server:2007:sp2:x64:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:sharepoint_workspace:2010:sp1:x32:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:office_web_apps:2010:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:sharepoint_workspace:2010:sp1:x64:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:forms_server:2007:sp2:x32:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:sharepoint_workspace:2010:*:x64:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x32:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:groove_management_server:2007:sp2:*:*:*:*:*:* | |||||