Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 16/06/2011 Updated: 12/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote malicious users to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft sql server 2005
microsoft sql server 2008
microsoft sql server management studio express 2005
microsoft visual studio 2005
microsoft visual studio 2008
microsoft office infopath 2010
microsoft office infopath 2007
microsoft visual studio 2010

CWE-200 http://www.securitytracker.com/id?1025648 http://www.securitytracker.com/id?1025646 http://secunia.com/advisories/44912 http://www.securityfocus.com/bid/48196 http://www.securitytracker.com/id?1025647 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2011-1280

Vulnerability Summary

References

Vulmon Search

About

Products

Connect