CVE-2011-1280

The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability."
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:office_infopath:2007:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_infopath:2010:*:x32:*:*:*:*:*
cpe:2.3:a:microsoft:office_infopath:2010:*:x64:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2005:sp3:express:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2005:sp3:express_advanced_services:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2005:sp4:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2005:sp4:express:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2005:sp4:express_advanced_services:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2005:sp4:itanium:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2005:sp4:x64:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2008:r2:itanium:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2008:r2:x64:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2008:sp1:itanium:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2008:sp1:x64:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2008:sp2:itanium:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2008:sp2:x32:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2008:sp2:x64:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server_management_studio_express:2005:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server_management_studio_express:2005:*:x64:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio:2010:*:*:*:*:*:*:*

History

No history.

Information

Published : 2011-06-16 20:55

Updated : 2023-12-10 11:03


NVD link : CVE-2011-1280

Mitre link : CVE-2011-1280

CVE.ORG link : CVE-2011-1280


JSON object : View

Products Affected

microsoft

  • visual_studio
  • sql_server
  • office_infopath
  • sql_server_management_studio_express
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor