CVE-2011-1280
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
16/06/2011
Last modified:
11/04/2025
Description
The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability."
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:microsoft:office_infopath:2007:sp2:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:office_infopath:2010:*:x32:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:office_infopath:2010:*:x64:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:sql_server:2005:sp3:express:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:sql_server:2005:sp3:express_advanced_services:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:sql_server:2005:sp4:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:sql_server:2005:sp4:express:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:sql_server:2005:sp4:express_advanced_services:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:sql_server:2005:sp4:itanium:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:sql_server:2005:sp4:x64:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:sql_server:2008:r2:itanium:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:sql_server:2008:r2:x64:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/44912
- http://www.securityfocus.com/bid/48196
- http://www.securitytracker.com/id?1025646=
- http://www.securitytracker.com/id?1025647=
- http://www.securitytracker.com/id?1025648=
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664
- http://secunia.com/advisories/44912
- http://www.securityfocus.com/bid/48196
- http://www.securitytracker.com/id?1025646=
- http://www.securitytracker.com/id?1025647=
- http://www.securitytracker.com/id?1025648=
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664