Description
The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability."
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: microsoft
Published:
Updated: 2024-08-06T22:21:34.188Z
Reserved: 2011-03-04T00:00:00.000Z
Link: CVE-2011-1280
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2011-06-16T20:55:02.353
Modified: 2025-04-11T00:51:21.963
Link: CVE-2011-1280
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses