CVE-2011-1280
Published Jun 16, 2011
Last updated 6 years ago
Overview
- Description
- The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability."
- Source
- secure@microsoft.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_infopath:2007:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81BD7AB6-9D00-47C3-9627-BB141538BF6B"
},
{
"criteria": "cpe:2.3:a:microsoft:office_infopath:2010:*:x32:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3518F3B5-5C15-42FB-855A-48CAF5D05AD8"
},
{
"criteria": "cpe:2.3:a:microsoft:office_infopath:2010:*:x64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F18BF4FE-9517-47D0-9938-0418C86A5D56"
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31"
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:express:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1E4FFD18-4CF8-4D4C-A9BF-F692CD5C2091"
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:express_advanced_services:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CF6E4324-61CD-497F-ACCD-50D253DE291A"
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390"
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110"
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "253CC41C-5DE2-4D76-8E69-13EF53FD256D"
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp4:express:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "794F6BFC-EFEA-4D9C-BCC6-78D05B560402"
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp4:express_advanced_services:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6CE40B2B-E1A0-4BBE-9A3B-5E7B14F83554"
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp4:itanium:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7E387893-EBA4-448A-9687-400F50A5A2F0"
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp4:x64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9916AE10-8EBF-4BB9-885C-1FD0C20ED71C"
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2008:r2:itanium:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "597E44EF-D336-40C4-BB2B-0C8735B96721"
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2008:r2:x64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "63DD17D8-8A29-48EE-8B71-ED3991D94E63"
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2008:sp1:itanium:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B520B7A3-E990-491E-B64E-3C60F8D2174B"
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2008:sp1:x64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5FF8171B-403F-4B35-8CF3-1A5E8A9C74A6"
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2008:sp2:itanium:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5FA2E5E9-A530-4EBA-863A-322C10EFB82C"
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2008:sp2:x32:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46B4CFCF-6A73-4F96-9F0A-42EE1D7EFD33"
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2008:sp2:x64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00F271BE-E397-4DAB-894E-EBA5CD7C465F"
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_management_studio_express:2005:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF08EF73-73BF-48EE-B824-430F59AEA47B"
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server_management_studio_express:2005:*:x64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "486B3E1A-DBBB-407B-9D93-05738F8E0AF7"
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9271AF1C-9B1C-4ADB-9F54-E63EBA2910F9"
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02"
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:2010:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7613B7D7-CF12-4D8D-AEE1-6274C1D7BEF2"
}
],
"operator": "OR"
}
]
}
]