Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2011-1280
Last Modified 04 Apr 2012 12:00:00
Published 16 Jun 2011 04:55:02
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1280

Summary

The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability."

Vulnerable Systems

Application

  • Microsoft Office InfoPath 2007

  • Microsoft Office InfoPath 2010

  • Microsoft SQL Server 2005

  • Microsoft SQL Server 2008

  • Microsoft SQL Server Management Studio Express 2005

  • Microsoft Visual Studio 2005

  • Microsoft Visual Studio 2008

  • Microsoft Visual Studio 2010


References

MS - MS11-049

SECTRACK - 1025648

SECTRACK - 1025647

SECTRACK - 1025646

BID - 48196

SECUNIA - 44912

Related Patches

MS11-049 Security Update for Microsoft Visual Studio 2008 Service Pack 1 XML Editor (KB2251487)

MS11-049 Security Update for Microsoft Visual Studio 2005 Service Pack 1 XML Editor (KB2251481) (3)

MS11-049 2543893 2494096 Security Update for SQL Server 2008/2008 Express SP1 (GDR) (All Languages) (See Notes)

MS11-049 2543893 2251481 Security Update for Microsoft Visual Studio 2005 (All Languages) (See Note) (Rev 3)

MS11-049 Security Update for Microsoft InfoPath 2010, 32-Bit Edition (KB2510065)

MS11-049 Security Update for Microsoft InfoPath 2010, 64-Bit Edition (KB2510065)

MS11-049 Security Update for SQL Server 2005 Service Pack 4 Failover Clustering (KB2494120) (See Notes)

MS11-049 Security Update for SQL Server 2005 Service Pack 3 Failover Clustering (KB2494112) (See Notes)

MS11-049 Security Update for SQL Server 2005 Service Pack 3 (KB2494113)

MS11-049 Security Update for SQL Server 2008 R2 (KB2494088)

MS11-049 Security Update for SQL Server 2005 Service Pack 4 (KB2494123)

MS11-049 Security Update for SQL Server 2008 R2 (KB2494086)

MS11-049 Security Update for SQL Server 2008 Service Pack 1 (KB2494100)

MS11-049 Security Update for Microsoft Visual Studio 2010 XML Editor (KB2251489)

MS11-049 Security Update for SQL Server 2005 Service Pack 4 Failover Clustering (KB2494123) (See Notes)

MS11-049 Security Update for SQL Server 2005 Service Pack 3 Failover Clustering (KB2494113) (See Notes)

MS11-049 Security Update for SQL Server 2005 Service Pack 3 (KB2546869)

MS11-049 Security Update for SQL Server 2005 Service Pack 4 (KB2494120)

MS11-049 Security Update for Microsoft Office InfoPath 2007 (KB2510061)

MS11-049 Security Update for SQL Server 2005 Service Pack 4 (KB2546869)

MS11-049 Security Update for SQL Server 2005 Service Pack 3 (KB2494112)

MS11-049 Security Update for SQL Server 2008 Service Pack 1 (KB2494096)

MS11-049 Security Update for SQL Server 2008 Service Pack 2 (KB2494094)

MS11-049 2543893 2546869 Security Update for SQL Server Management Studio Express 2005 SP4 (Rev 2)

MS11-049 2543893 2546869 Security Update for SQL Server Management Studio Express 2005 SP3 (Rev 2)

MS11-049 2543893 2251489 Security Update for Microsoft Visual Studio 2010 (All Languages)

MS11-049 2543893 2251487 Security Update for Microsoft Visual Studio 2008 (All Languages)

MS11-049 Security Update for Microsoft Visual Studio 2005 Service Pack 1 XML Editor (KB2251481) (1)


Last Updated: 27 May 2016 10:56:15