CVE-2011-1892

Microsoft SharePoint and Office Products - XML External Entity Injection in Web Parts


Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1892. PoCs published by Nicolas Gregoire.

AI-analyzed exploit summary: This exploit leverages XML External Entity (XXE) injection to disclose arbitrary files from the server. The PoC includes an XML file with an external entity reference to 'c:\windows\system32\drivers\etc\hosts' and an XSL file to process the XML, demonstrating file disclosure in SharePoint and DotNetNuke.

Description

Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."

Exploits (1)

exploitdb WORKING POC
by Nicolas Gregoire · text · webapps · windows
https://www.exploit-db.com/exploits/17873

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: SharePoint 2007 / 2010, DotNetNuke < 6
No auth needed
Prerequisites: Target application must process XML input with external entities enabled
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8386
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA11-256A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907

Scores

EPSS 0.4228
EPSS Percentile 98.5%

Details

CWE: CWE-200
Status: published
Products (11)
microsoft/forms_server 2007 sp2 (2 CPE variants)
microsoft/groove 2007 sp2
microsoft/groove_data_bridge_server 2007 sp2
microsoft/groove_management_server 2007 sp2
microsoft/groove_server 2010 (2 CPE variants)
microsoft/office_web_apps 2010 (2 CPE variants)
microsoft/sharepoint_foundation 2010
microsoft/sharepoint_server 2007 sp2 (2 CPE variants)
microsoft/sharepoint_server 2010 (2 CPE variants)
microsoft/sharepoint_services 3.0 sp2 (2 CPE variants)
... and 1 more
Published Sep 15, 2011
Tracked Since Feb 18, 2026