Vulnerabilites related to microsoft - office_infopath
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
References
cve@mitre.orghttp://securitytracker.com/id?1013454
cve@mitre.orghttp://support.microsoft.com/kb/867443Vendor Advisory
cve@mitre.orghttp://www.osvdb.org/14882
cve@mitre.orghttp://www.securityfocus.com/bid/12824
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1013454
af854a3a-2127-422b-91ae-364da2661108http://support.microsoft.com/kb/867443Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/14882
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/12824
Impacted products
Vendor Product Version
microsoft office_infopath 2003


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:office_infopath:2003:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C62AC446-3233-43E0-A9D6-9D08F0319369",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.",
      },
   ],
   id: "CVE-2005-0820",
   lastModified: "2025-04-03T01:03:51.193",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2005-05-02T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1013454",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://support.microsoft.com/kb/867443",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.osvdb.org/14882",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/12824",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1013454",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://support.microsoft.com/kb/867443",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/14882",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/12824",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2010-06-08 20:30
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.
References
secure@microsoft.comhttp://support.avaya.com/css/P8/documents/100089747
secure@microsoft.comhttp://www.securityfocus.com/bid/40409
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA10-159B.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039
secure@microsoft.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/58866
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6677
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/css/P8/documents/100089747
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/40409
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA10-159B.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/58866
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6677
Impacted products
Vendor Product Version
microsoft office_infopath 2003
microsoft office_infopath 2007
microsoft office_infopath 2007
microsoft sharepoint_server 2007
microsoft sharepoint_server 2007
microsoft sharepoint_server 2007
microsoft sharepoint_server 2007
microsoft sharepoint_services 3.0
microsoft sharepoint_services 3.0
microsoft sharepoint_services 3.0
microsoft sharepoint_services 3.0
microsoft internet_explorer 8
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_7 -
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 r2
microsoft windows_server_2008 r2
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_vista -
microsoft windows_vista -
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp -


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:office_infopath:2003:sp3:*:*:*:*:*:*",
                     matchCriteriaId: "CB617E35-99C6-4599-8B71-000609A00B0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:office_infopath:2007:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "E14D83E9-162E-4E33-9FC7-5CFB594AA401",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:office_infopath:2007:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "81BD7AB6-9D00-47C3-9627-BB141538BF6B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp1:x32:*:*:*:*:*",
                     matchCriteriaId: "958F9130-C44A-4DE3-B79C-323E9B2B4151",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp1:x64:*:*:*:*:*",
                     matchCriteriaId: "F6A740A7-9011-4D85-B6AF-59A7A4440BD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x32:*:*:*:*:*",
                     matchCriteriaId: "586E6C37-346C-40BA-AC89-2CEB8C44E190",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x64:*:*:*:*:*",
                     matchCriteriaId: "48EB5C93-55BF-4608-A9DC-EDD8DE15EE44",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp1:x32:*:*:*:*:*",
                     matchCriteriaId: "FC40A747-CEBB-4F49-A4CF-A2F31890F39E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp1:x64:*:*:*:*:*",
                     matchCriteriaId: "71AFF167-D300-44A8-8735-E1A0AC8CF9EA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x32:*:*:*:*:*",
                     matchCriteriaId: "CF40F903-0026-4673-89A3-6F889D877E2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x64:*:*:*:*:*",
                     matchCriteriaId: "376C9A84-74B1-4717-B88E-153ADD7D686D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*",
                     matchCriteriaId: "A52E757F-9B41-43B4-9D67-3FEDACA71283",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
                     matchCriteriaId: "6881476D-81A2-4DFD-AC77-82A8D08A0568",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E33796DB-4523-4F04-B564-ADF030553D51",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
                     matchCriteriaId: "9CFB1A97-8042-4497-A45D-C014B5E240AB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
                     matchCriteriaId: "7F9C7616-658D-409D-8B53-AC00DC55602A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*",
                     matchCriteriaId: "B8A32637-65EC-42C4-A892-0E599562527C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*",
                     matchCriteriaId: "FFF81F4B-7D92-4398-8658-84530FB8F518",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*",
                     matchCriteriaId: "CC916D5A-0644-4423-A52E-D4310906BE78",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*",
                     matchCriteriaId: "95DC297F-06DB-4FB3-BFB6-7312C059E047",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "0A0D2704-C058-420B-B368-372D1129E914",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "3A04E39A-623E-45CA-A5FC-25DAA0F275A3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "9B339C33-8896-4896-88FF-88E74FDBC543",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
                     matchCriteriaId: "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
                     matchCriteriaId: "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la API toStaticHTML, tal como es usada en Microsoft Office InfoPath 2003 SP3, 2007 SP1 y 2007 SP2; Office SharePoint Server 2007 SP1 y SP2; SharePoint Services 3.0 SP1 y SP2 y Internet Explorer 8 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores relacionados con procedimientos de limpieza.",
      },
   ],
   id: "CVE-2010-1257",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2010-06-08T20:30:02.397",
   references: [
      {
         source: "secure@microsoft.com",
         url: "http://support.avaya.com/css/P8/documents/100089747",
      },
      {
         source: "secure@microsoft.com",
         url: "http://www.securityfocus.com/bid/40409",
      },
      {
         source: "secure@microsoft.com",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA10-159B.html",
      },
      {
         source: "secure@microsoft.com",
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035",
      },
      {
         source: "secure@microsoft.com",
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039",
      },
      {
         source: "secure@microsoft.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/58866",
      },
      {
         source: "secure@microsoft.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6677",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://support.avaya.com/css/P8/documents/100089747",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/40409",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA10-159B.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/58866",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6677",
      },
   ],
   sourceIdentifier: "secure@microsoft.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2011-06-16 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability."
References
secure@microsoft.comhttp://secunia.com/advisories/44912
secure@microsoft.comhttp://www.securityfocus.com/bid/48196
secure@microsoft.comhttp://www.securitytracker.com/id?1025646
secure@microsoft.comhttp://www.securitytracker.com/id?1025647
secure@microsoft.comhttp://www.securitytracker.com/id?1025648
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/44912
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/48196
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1025646
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1025647
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1025648
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664
Impacted products
Vendor Product Version
microsoft office_infopath 2007
microsoft office_infopath 2010
microsoft office_infopath 2010
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2008
microsoft sql_server 2008
microsoft sql_server 2008
microsoft sql_server 2008
microsoft sql_server 2008
microsoft sql_server 2008
microsoft sql_server 2008
microsoft sql_server_management_studio_express 2005
microsoft sql_server_management_studio_express 2005
microsoft visual_studio 2005
microsoft visual_studio 2008
microsoft visual_studio 2010


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:office_infopath:2007:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "81BD7AB6-9D00-47C3-9627-BB141538BF6B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:office_infopath:2010:*:x32:*:*:*:*:*",
                     matchCriteriaId: "3518F3B5-5C15-42FB-855A-48CAF5D05AD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:office_infopath:2010:*:x64:*:*:*:*:*",
                     matchCriteriaId: "F18BF4FE-9517-47D0-9938-0418C86A5D56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
                     matchCriteriaId: "93B86335-EF14-4E4F-B192-2A5323A47D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server:2005:sp3:express:*:*:*:*:*",
                     matchCriteriaId: "1E4FFD18-4CF8-4D4C-A9BF-F692CD5C2091",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server:2005:sp3:express_advanced_services:*:*:*:*:*",
                     matchCriteriaId: "CF6E4324-61CD-497F-ACCD-50D253DE291A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
                     matchCriteriaId: "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
                     matchCriteriaId: "0F3BF09C-04D2-4367-BE58-72AD396B4110",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server:2005:sp4:*:*:*:*:*:*",
                     matchCriteriaId: "253CC41C-5DE2-4D76-8E69-13EF53FD256D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server:2005:sp4:express:*:*:*:*:*",
                     matchCriteriaId: "794F6BFC-EFEA-4D9C-BCC6-78D05B560402",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server:2005:sp4:express_advanced_services:*:*:*:*:*",
                     matchCriteriaId: "6CE40B2B-E1A0-4BBE-9A3B-5E7B14F83554",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server:2005:sp4:itanium:*:*:*:*:*",
                     matchCriteriaId: "7E387893-EBA4-448A-9687-400F50A5A2F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server:2005:sp4:x64:*:*:*:*:*",
                     matchCriteriaId: "9916AE10-8EBF-4BB9-885C-1FD0C20ED71C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server:2008:r2:itanium:*:*:*:*:*",
                     matchCriteriaId: "597E44EF-D336-40C4-BB2B-0C8735B96721",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server:2008:r2:x64:*:*:*:*:*",
                     matchCriteriaId: "63DD17D8-8A29-48EE-8B71-ED3991D94E63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server:2008:sp1:itanium:*:*:*:*:*",
                     matchCriteriaId: "B520B7A3-E990-491E-B64E-3C60F8D2174B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server:2008:sp1:x64:*:*:*:*:*",
                     matchCriteriaId: "5FF8171B-403F-4B35-8CF3-1A5E8A9C74A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server:2008:sp2:itanium:*:*:*:*:*",
                     matchCriteriaId: "5FA2E5E9-A530-4EBA-863A-322C10EFB82C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server:2008:sp2:x32:*:*:*:*:*",
                     matchCriteriaId: "46B4CFCF-6A73-4F96-9F0A-42EE1D7EFD33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server:2008:sp2:x64:*:*:*:*:*",
                     matchCriteriaId: "00F271BE-E397-4DAB-894E-EBA5CD7C465F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server_management_studio_express:2005:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF08EF73-73BF-48EE-B824-430F59AEA47B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:sql_server_management_studio_express:2005:*:x64:*:*:*:*:*",
                     matchCriteriaId: "486B3E1A-DBBB-407B-9D93-05738F8E0AF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "9271AF1C-9B1C-4ADB-9F54-E63EBA2910F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:visual_studio:2010:*:*:*:*:*:*:*",
                     matchCriteriaId: "7613B7D7-CF12-4D8D-AEE1-6274C1D7BEF2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka \"XML External Entities Resolution Vulnerability.\"",
      },
      {
         lang: "es",
         value: "El editor de XML en Microsoft Office InfoPath 2007 SP2 y 2010; SQL Server 2005 SP3 y SP4 y 2008 SP1, SP2 y R2; SQL Server Management Studio Express (SSMSE) 2005; y Visual Studio 2005 SP1, 2008 SP1, y 2010 no maneja correctamente entidades externas, lo que permite a atacantes remotos leer archivos arbitrarios a través de un fichero .disco (Web Service Discovery) manipulado, también conocido como \"XML External Entities Resolution Vulnerability\"",
      },
   ],
   id: "CVE-2011-1280",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2011-06-16T20:55:02.353",
   references: [
      {
         source: "secure@microsoft.com",
         url: "http://secunia.com/advisories/44912",
      },
      {
         source: "secure@microsoft.com",
         url: "http://www.securityfocus.com/bid/48196",
      },
      {
         source: "secure@microsoft.com",
         url: "http://www.securitytracker.com/id?1025646",
      },
      {
         source: "secure@microsoft.com",
         url: "http://www.securitytracker.com/id?1025647",
      },
      {
         source: "secure@microsoft.com",
         url: "http://www.securitytracker.com/id?1025648",
      },
      {
         source: "secure@microsoft.com",
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049",
      },
      {
         source: "secure@microsoft.com",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/44912",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/48196",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1025646",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1025647",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1025648",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664",
      },
   ],
   sourceIdentifier: "secure@microsoft.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2005-0820
Vulnerability from cvelistv5
Published
2005-03-20 05:00
Modified
2024-08-07 21:28
Severity ?
Summary
Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
References
http://securitytracker.com/id?1013454vdb-entry, x_refsource_SECTRACK
http://www.osvdb.org/14882vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/12824vdb-entry, x_refsource_BID
http://support.microsoft.com/kb/867443vendor-advisory, x_refsource_MSKB
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T21:28:28.464Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1013454",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1013454",
               },
               {
                  name: "14882",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/14882",
               },
               {
                  name: "12824",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/12824",
               },
               {
                  name: "867443",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MSKB",
                     "x_transferred",
                  ],
                  url: "http://support.microsoft.com/kb/867443",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2005-02-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2005-12-20T10:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1013454",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1013454",
            },
            {
               name: "14882",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/14882",
            },
            {
               name: "12824",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/12824",
            },
            {
               name: "867443",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MSKB",
               ],
               url: "http://support.microsoft.com/kb/867443",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2005-0820",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1013454",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1013454",
                  },
                  {
                     name: "14882",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/14882",
                  },
                  {
                     name: "12824",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/12824",
                  },
                  {
                     name: "867443",
                     refsource: "MSKB",
                     url: "http://support.microsoft.com/kb/867443",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2005-0820",
      datePublished: "2005-03-20T05:00:00",
      dateReserved: "2005-03-20T00:00:00",
      dateUpdated: "2024-08-07T21:28:28.464Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2011-1280
Vulnerability from cvelistv5
Published
2011-06-16 20:21
Modified
2024-08-06 22:21
Severity ?
Summary
The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability."
References
http://www.securityfocus.com/bid/48196vdb-entry, x_refsource_BID
http://www.securitytracker.com/id?1025647vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id?1025648vdb-entry, x_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049vendor-advisory, x_refsource_MS
http://www.securitytracker.com/id?1025646vdb-entry, x_refsource_SECTRACK
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/44912third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T22:21:34.188Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "48196",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/48196",
               },
               {
                  name: "1025647",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1025647",
               },
               {
                  name: "1025648",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1025648",
               },
               {
                  name: "MS11-049",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MS",
                     "x_transferred",
                  ],
                  url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049",
               },
               {
                  name: "1025646",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1025646",
               },
               {
                  name: "oval:org.mitre.oval:def:12664",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664",
               },
               {
                  name: "44912",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/44912",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2011-06-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka \"XML External Entities Resolution Vulnerability.\"",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-12T19:57:01",
            orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            shortName: "microsoft",
         },
         references: [
            {
               name: "48196",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/48196",
            },
            {
               name: "1025647",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1025647",
            },
            {
               name: "1025648",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1025648",
            },
            {
               name: "MS11-049",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MS",
               ],
               url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049",
            },
            {
               name: "1025646",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1025646",
            },
            {
               name: "oval:org.mitre.oval:def:12664",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664",
            },
            {
               name: "44912",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/44912",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@microsoft.com",
               ID: "CVE-2011-1280",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka \"XML External Entities Resolution Vulnerability.\"",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "48196",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/48196",
                  },
                  {
                     name: "1025647",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1025647",
                  },
                  {
                     name: "1025648",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1025648",
                  },
                  {
                     name: "MS11-049",
                     refsource: "MS",
                     url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049",
                  },
                  {
                     name: "1025646",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1025646",
                  },
                  {
                     name: "oval:org.mitre.oval:def:12664",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664",
                  },
                  {
                     name: "44912",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/44912",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
      assignerShortName: "microsoft",
      cveId: "CVE-2011-1280",
      datePublished: "2011-06-16T20:21:00",
      dateReserved: "2011-03-04T00:00:00",
      dateUpdated: "2024-08-06T22:21:34.188Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2010-1257
Vulnerability from cvelistv5
Published
2010-06-08 20:00
Modified
2024-08-07 01:21
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.
References
http://support.avaya.com/css/P8/documents/100089747x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/58866vdb-entry, x_refsource_XF
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039vendor-advisory, x_refsource_MS
http://www.securityfocus.com/bid/40409vdb-entry, x_refsource_BID
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6677vdb-entry, signature, x_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035vendor-advisory, x_refsource_MS
http://www.us-cert.gov/cas/techalerts/TA10-159B.htmlthird-party-advisory, x_refsource_CERT
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T01:21:17.161Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.avaya.com/css/P8/documents/100089747",
               },
               {
                  name: "ie-tostatichtml-information-disclosure(58866)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/58866",
               },
               {
                  name: "MS10-039",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MS",
                     "x_transferred",
                  ],
                  url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039",
               },
               {
                  name: "40409",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/40409",
               },
               {
                  name: "oval:org.mitre.oval:def:6677",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6677",
               },
               {
                  name: "MS10-035",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MS",
                     "x_transferred",
                  ],
                  url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035",
               },
               {
                  name: "TA10-159B",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT",
                     "x_transferred",
                  ],
                  url: "http://www.us-cert.gov/cas/techalerts/TA10-159B.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2010-06-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-12T19:57:01",
            orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            shortName: "microsoft",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.avaya.com/css/P8/documents/100089747",
            },
            {
               name: "ie-tostatichtml-information-disclosure(58866)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/58866",
            },
            {
               name: "MS10-039",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MS",
               ],
               url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039",
            },
            {
               name: "40409",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/40409",
            },
            {
               name: "oval:org.mitre.oval:def:6677",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6677",
            },
            {
               name: "MS10-035",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MS",
               ],
               url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035",
            },
            {
               name: "TA10-159B",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT",
               ],
               url: "http://www.us-cert.gov/cas/techalerts/TA10-159B.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@microsoft.com",
               ID: "CVE-2010-1257",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://support.avaya.com/css/P8/documents/100089747",
                     refsource: "CONFIRM",
                     url: "http://support.avaya.com/css/P8/documents/100089747",
                  },
                  {
                     name: "ie-tostatichtml-information-disclosure(58866)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/58866",
                  },
                  {
                     name: "MS10-039",
                     refsource: "MS",
                     url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-039",
                  },
                  {
                     name: "40409",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/40409",
                  },
                  {
                     name: "oval:org.mitre.oval:def:6677",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6677",
                  },
                  {
                     name: "MS10-035",
                     refsource: "MS",
                     url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035",
                  },
                  {
                     name: "TA10-159B",
                     refsource: "CERT",
                     url: "http://www.us-cert.gov/cas/techalerts/TA10-159B.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
      assignerShortName: "microsoft",
      cveId: "CVE-2010-1257",
      datePublished: "2010-06-08T20:00:00",
      dateReserved: "2010-04-05T00:00:00",
      dateUpdated: "2024-08-07T01:21:17.161Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}