Microsoft SharePoint XML处理远程文件泄露漏洞

2011-10-21T00:00:00
ID SSV:23117
Type seebug
Reporter Root
Modified 2011-10-21T00:00:00

Description

Bugtraq ID: 49511 CVE ID:CVE-2011-1892

Microsoft SharePoint Server是一款服务器功能集成套件,提供全面的内容管理和企业搜索、加速共享业务流程并便利跨界限信息共享。 Microsoft SharePoint存在文件泄露漏洞,允许恶意验证用户使用特制XML文件,以运行Sharepoint账户上下文读取SharePoint服务器上的本地文件。

Microsoft SharePoint Workspace 2010 SP1 Microsoft SharePoint Workspace 2010 0 Microsoft SharePoint Services 64-bit 3.0 SP2 Microsoft SharePoint Services 3.0 SP2 Microsoft SharePoint Server 2010 Standard Edition 0 Microsoft SharePoint Server 2010 Enterprise Edition 0 Microsoft SharePoint Server 2010 SP1 Microsoft SharePoint Server 2007 x64 SP2 Microsoft SharePoint Server 2007 SP2 Microsoft SharePoint Foundation 2010 0 Microsoft Office Web Apps 2010 SP1 Microsoft Office Web Apps 2010 0 Microsoft Office Groove Management Server 2007 SP2 Microsoft Office Groove Data Bridge Server 2007 SP2 Microsoft Office Forms Server 2007 SP2 Microsoft Groove Server 2010 SP1 Microsoft Groove Server 2010 0 Microsoft Groove 2007 SP2 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: http://technet.microsoft.com/en-us/security/bulletin/ms11-074