CVE-2011-1280

Description

The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka XML External Entities Resolution Vulnerability.

Risk Information

Base Score: 6.2 (MODERATE)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 32.487

Associated Vulnerability

| Vulnerability | OS Platform |
| --- | --- |
| Security Update for Microsoft Office InfoPath 2007 (KB2510061) | Windows |
| Security Update for Microsoft InfoPath 2010 (KB2510065), 32-Bit Edition | Windows |
| Security Update for Microsoft InfoPath 2010 (KB2510065), 64-Bit Edition | Windows |
| Microsoft Visual Studio 2005 Service Pack 1 XML Editor Security Update(KB2251481) | Windows |
| Microsoft Visual Studio 2008 Service Pack 1 XML Editor Security Update(KB2251487) | Windows |
| Microsoft Visual Studio 2010 RTM XML Editor Security Update(KB2251489) | Windows |
| Security Update for SQL Server 2005 Service Pack 3 (KB2494113) | Windows |
| Security Update for SQL Server 2005 Service Pack 4 (KB2494120) | Windows |
| Security Update for SQL Server 2008 Service Pack 1 (KB2494096) x86 based systems | Windows |
| Security Update for SQL Server 2008 Service Pack 1 (KB2494096) x64 based systems | Windows |
| Security Update for SQL Server 2008 R2 RTM (KB2494088) | Windows |
| Security Update for SQL Server 2008 R2 RTM (KB2494088) | Windows |

Patch Details

| Patch ID | Patch Description |
| --- | --- |
| PATCH-10534 | Microsoft Visual Studio 2005 Service Pack 1 XML Editor Security Update(KB2251481) |
| PATCH-10535 | Microsoft Visual Studio 2008 Service Pack 1 XML Editor Security Update(KB2251487) |
| PATCH-10536 | Microsoft Visual Studio 2010 RTM XML Editor Security Update(KB2251489) |

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234