CVE-2011-1280 Information
Description
The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1 SP2 and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1 2008 SP1 and 2010 does not properly handle external entities which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file aka \XML External Entities Resolution Vulnerability.\
Reference
http://secunia.com/advisories/44912 http://www.securityfocus.com/bid/48196 http://www.securitytracker.com/id?1025646 http://www.securitytracker.com/id?1025647 http://www.securitytracker.com/id?1025648 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A12664
Share on: