CVE-2011-1280
CVE-2011-1280 is a vulnerability of currently unknown severity. The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability." EPSS estimates a 15.25% chance of exploitation in the next 30 days.
Description
The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability."
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Office InfoPath | 2007 | SP2 |
| Microsoft | Office InfoPath | 2010 | — |
| Microsoft | SQL Server | 2005 | SP3 |
| Microsoft | SQL Server | 2008 | R2 |
| Microsoft | SQL Server Management Studio Express | 2005 | — |
| Microsoft | Visual Studio | 2005 | SP1 |
| Microsoft | Visual Studio | 2008 | SP1 |
| Microsoft | Visual Studio | 2010 | — |
Source: NVD / NIST
