CVE-2009-3830

Microsoft Office SharePoint Server 2007 Unauthenticated ASP.NET Source Code Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3830. PoCs published by Daniel Martin.

AI-analyzed exploit summary This is a technical writeup describing a source code disclosure vulnerability in Microsoft SharePoint Team Services. The issue allows attackers to retrieve the source code of ASP.NET files by crafting specific URLs to the download facility.

Description

The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Daniel Martin · textwebappsasp
https://www.exploit-db.com/exploits/9967

This is a technical writeup describing a source code disclosure vulnerability in Microsoft SharePoint Team Services. The issue allows attackers to retrieve the source code of ASP.NET files by crafting specific URLs to the download facility.

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Microsoft SharePoint 2007 (12.0.0.6219, 12.0.0.4518 and possibly others)
No auth needed
Prerequisites: Access to the SharePoint server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507419/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36817
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/53955
Vendor Advisory vendor-advisory x_refsource_mskb
http://support.microsoft.com/kb/976829

Scores

EPSS 0.6418
EPSS Percentile 98.5%

Details

CWE
CWE-20
Status published
Products (1)
microsoft/sharepoint_server 2007
Published Oct 30, 2009
Tracked Since Feb 18, 2026