XML External Entities Resolution Vulnerability in Microsoft Products
CVE-2011-1280

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sql Server Management Studio Express; Sql Server; Visual Studio; Office Infopath
Vendor: CVE Published:; 16 June 2011

Summary

The XML Editor in multiple Microsoft products fails to correctly process external entities, which can lead to unauthorized access to sensitive files from a remote location. Attackers can exploit this flaw through carefully crafted Web Service Discovery (.disco) files, potentially compromising system confidentiality and integrity.

References

http://www.securityfocus.com/bid/48196

vdb-entryx_refsource_BID

http://www.securitytracker.com/id?1025647

vdb-entryx_refsource_SECTRACK

http://www.securitytracker.com/id?1025648

vdb-entryx_refsource_SECTRACK

EPSS Score

33% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 16, 2011
Vulnerability Reserved
Mar 4, 2011