CVE-2015-2556
Microsoft SharePoint Server 2007 SP3 and 2010 SP2 - XML External Entity Injection in InfoPath Forms Services
Title source: llmDescription
The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "Microsoft SharePoint Information Disclosure Vulnerability."
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033804
Scores
EPSS
0.1562
EPSS Percentile
96.4%
Details
CWE
CWE-200
Status
published
Products (2)
microsoft/sharepoint_server
2007 sp3
microsoft/sharepoint_server
2010 sp2
Published
Oct 14, 2015
Tracked Since
Feb 18, 2026