1. Home
  2. CVE Database
  3. CVE-2011-1280
MEDIUM · 4.3

CVE-2011-1280

The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, ...

Vulnerability Description

The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability."

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:P/I:N/A:N
Confidentiality
PARTIAL
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
MicrosoftOffice Infopath2007
MicrosoftSql Server2005
MicrosoftSql Server Management Studio Express2005
MicrosoftVisual Studio2005

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2011-1280?

CVE-2011-1280 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, ...

How severe is CVE-2011-1280?

CVE-2011-1280 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-1280?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Office Infopath, Microsoft Sql Server, Microsoft Sql Server Management Studio Express, Microsoft Visual Studio.