cvelistv5 - cve-2011-1280

CVE-2011-1280 (GCVE-0-2011-1280)

Vulnerability from cvelistv5 – Published: 2011-06-16 20:21 – Updated: 2024-08-06 22:21

Summary

The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.securityfocus.com/bid/48196	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id?1025647	vdb-entryx_refsource_SECTRACK
	http://www.securitytracker.com/id?1025648	vdb-entryx_refsource_SECTRACK
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securitytracker.com/id?1025646	vdb-entryx_refsource_SECTRACK
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/44912	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:21:34.188Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48196",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/48196"
          },
          {
            "name": "1025647",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025647"
          },
          {
            "name": "1025648",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025648"
          },
          {
            "name": "MS11-049",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049"
          },
          {
            "name": "1025646",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025646"
          },
          {
            "name": "oval:org.mitre.oval:def:12664",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664"
          },
          {
            "name": "44912",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44912"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka \"XML External Entities Resolution Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "48196",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/48196"
        },
        {
          "name": "1025647",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025647"
        },
        {
          "name": "1025648",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025648"
        },
        {
          "name": "MS11-049",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049"
        },
        {
          "name": "1025646",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025646"
        },
        {
          "name": "oval:org.mitre.oval:def:12664",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664"
        },
        {
          "name": "44912",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44912"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2011-1280",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka \"XML External Entities Resolution Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48196",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/48196"
            },
            {
              "name": "1025647",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025647"
            },
            {
              "name": "1025648",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025648"
            },
            {
              "name": "MS11-049",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049"
            },
            {
              "name": "1025646",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025646"
            },
            {
              "name": "oval:org.mitre.oval:def:12664",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664"
            },
            {
              "name": "44912",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44912"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2011-1280",
    "datePublished": "2011-06-16T20:21:00",
    "dateReserved": "2011-03-04T00:00:00",
    "dateUpdated": "2024-08-06T22:21:34.188Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_infopath:2007:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"81BD7AB6-9D00-47C3-9627-BB141538BF6B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_infopath:2010:*:x32:*:*:*:*:*\", \"matchCriteriaId\": \"3518F3B5-5C15-42FB-855A-48CAF5D05AD8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_infopath:2010:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"F18BF4FE-9517-47D0-9938-0418C86A5D56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"93B86335-EF14-4E4F-B192-2A5323A47D31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2005:sp3:express:*:*:*:*:*\", \"matchCriteriaId\": \"1E4FFD18-4CF8-4D4C-A9BF-F692CD5C2091\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2005:sp3:express_advanced_services:*:*:*:*:*\", \"matchCriteriaId\": \"CF6E4324-61CD-497F-ACCD-50D253DE291A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"AA80EDC4-4E84-40BE-86D5-1825AFA85390\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*\", \"matchCriteriaId\": \"0F3BF09C-04D2-4367-BE58-72AD396B4110\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2005:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"253CC41C-5DE2-4D76-8E69-13EF53FD256D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2005:sp4:express:*:*:*:*:*\", \"matchCriteriaId\": \"794F6BFC-EFEA-4D9C-BCC6-78D05B560402\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2005:sp4:express_advanced_services:*:*:*:*:*\", \"matchCriteriaId\": \"6CE40B2B-E1A0-4BBE-9A3B-5E7B14F83554\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2005:sp4:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"7E387893-EBA4-448A-9687-400F50A5A2F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2005:sp4:x64:*:*:*:*:*\", \"matchCriteriaId\": \"9916AE10-8EBF-4BB9-885C-1FD0C20ED71C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2008:r2:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"597E44EF-D336-40C4-BB2B-0C8735B96721\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2008:r2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"63DD17D8-8A29-48EE-8B71-ED3991D94E63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2008:sp1:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"B520B7A3-E990-491E-B64E-3C60F8D2174B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2008:sp1:x64:*:*:*:*:*\", \"matchCriteriaId\": \"5FF8171B-403F-4B35-8CF3-1A5E8A9C74A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2008:sp2:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"5FA2E5E9-A530-4EBA-863A-322C10EFB82C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2008:sp2:x32:*:*:*:*:*\", \"matchCriteriaId\": \"46B4CFCF-6A73-4F96-9F0A-42EE1D7EFD33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2008:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"00F271BE-E397-4DAB-894E-EBA5CD7C465F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server_management_studio_express:2005:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF08EF73-73BF-48EE-B824-430F59AEA47B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server_management_studio_express:2005:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"486B3E1A-DBBB-407B-9D93-05738F8E0AF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9271AF1C-9B1C-4ADB-9F54-E63EBA2910F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio:2010:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7613B7D7-CF12-4D8D-AEE1-6274C1D7BEF2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka \\\"XML External Entities Resolution Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"El editor de XML en Microsoft Office InfoPath 2007 SP2 y 2010; SQL Server 2005 SP3 y SP4 y 2008 SP1, SP2 y R2; SQL Server Management Studio Express (SSMSE) 2005; y Visual Studio 2005 SP1, 2008 SP1, y 2010 no maneja correctamente entidades externas, lo que permite a atacantes remotos leer archivos arbitrarios a trav\\u00e9s de un fichero .disco (Web Service Discovery) manipulado, tambi\\u00e9n conocido como \\\"XML External Entities Resolution Vulnerability\\\"\"}]",
      "id": "CVE-2011-1280",
      "lastModified": "2024-11-21T01:25:58.903",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2011-06-16T20:55:02.353",
      "references": "[{\"url\": \"http://secunia.com/advisories/44912\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/48196\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id?1025646\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id?1025647\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id?1025648\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/44912\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/48196\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1025646\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1025647\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1025648\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-1280\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2011-06-16T20:55:02.353\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka \\\"XML External Entities Resolution Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"El editor de XML en Microsoft Office InfoPath 2007 SP2 y 2010; SQL Server 2005 SP3 y SP4 y 2008 SP1, SP2 y R2; SQL Server Management Studio Express (SSMSE) 2005; y Visual Studio 2005 SP1, 2008 SP1, y 2010 no maneja correctamente entidades externas, lo que permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de un fichero .disco (Web Service Discovery) manipulado, tambi\u00e9n conocido como \\\"XML External Entities Resolution Vulnerability\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_infopath:2007:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"81BD7AB6-9D00-47C3-9627-BB141538BF6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_infopath:2010:*:x32:*:*:*:*:*\",\"matchCriteriaId\":\"3518F3B5-5C15-42FB-855A-48CAF5D05AD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_infopath:2010:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"F18BF4FE-9517-47D0-9938-0418C86A5D56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"93B86335-EF14-4E4F-B192-2A5323A47D31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2005:sp3:express:*:*:*:*:*\",\"matchCriteriaId\":\"1E4FFD18-4CF8-4D4C-A9BF-F692CD5C2091\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2005:sp3:express_advanced_services:*:*:*:*:*\",\"matchCriteriaId\":\"CF6E4324-61CD-497F-ACCD-50D253DE291A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"AA80EDC4-4E84-40BE-86D5-1825AFA85390\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*\",\"matchCriteriaId\":\"0F3BF09C-04D2-4367-BE58-72AD396B4110\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2005:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"253CC41C-5DE2-4D76-8E69-13EF53FD256D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2005:sp4:express:*:*:*:*:*\",\"matchCriteriaId\":\"794F6BFC-EFEA-4D9C-BCC6-78D05B560402\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2005:sp4:express_advanced_services:*:*:*:*:*\",\"matchCriteriaId\":\"6CE40B2B-E1A0-4BBE-9A3B-5E7B14F83554\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2005:sp4:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"7E387893-EBA4-448A-9687-400F50A5A2F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2005:sp4:x64:*:*:*:*:*\",\"matchCriteriaId\":\"9916AE10-8EBF-4BB9-885C-1FD0C20ED71C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2008:r2:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"597E44EF-D336-40C4-BB2B-0C8735B96721\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2008:r2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"63DD17D8-8A29-48EE-8B71-ED3991D94E63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2008:sp1:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"B520B7A3-E990-491E-B64E-3C60F8D2174B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2008:sp1:x64:*:*:*:*:*\",\"matchCriteriaId\":\"5FF8171B-403F-4B35-8CF3-1A5E8A9C74A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2008:sp2:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"5FA2E5E9-A530-4EBA-863A-322C10EFB82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2008:sp2:x32:*:*:*:*:*\",\"matchCriteriaId\":\"46B4CFCF-6A73-4F96-9F0A-42EE1D7EFD33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2008:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"00F271BE-E397-4DAB-894E-EBA5CD7C465F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server_management_studio_express:2005:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF08EF73-73BF-48EE-B824-430F59AEA47B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server_management_studio_express:2005:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"486B3E1A-DBBB-407B-9D93-05738F8E0AF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9271AF1C-9B1C-4ADB-9F54-E63EBA2910F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio:2010:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7613B7D7-CF12-4D8D-AEE1-6274C1D7BEF2\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/44912\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/48196\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1025646\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1025647\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1025648\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/44912\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/48196\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1025646\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1025647\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1025648\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2011-1280

Vulnerability from fkie_nvd - Published: 2011-06-16 20:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	secure@microsoft.com	http://secunia.com/advisories/44912
	secure@microsoft.com	http://www.securityfocus.com/bid/48196
	secure@microsoft.com	http://www.securitytracker.com/id?1025646
	secure@microsoft.com	http://www.securitytracker.com/id?1025647
	secure@microsoft.com	http://www.securitytracker.com/id?1025648
	secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049
	secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44912
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/48196
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1025646
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1025647
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1025648
	af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049
	af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664

Impacted products

Vendor	Product	Version
microsoft	office_infopath	2007
microsoft	office_infopath	2010
microsoft	office_infopath	2010
microsoft	sql_server	2005
microsoft	sql_server	2005
microsoft	sql_server	2005
microsoft	sql_server	2005
microsoft	sql_server	2005
microsoft	sql_server	2005
microsoft	sql_server	2005
microsoft	sql_server	2005
microsoft	sql_server	2005
microsoft	sql_server	2005
microsoft	sql_server	2008
microsoft	sql_server	2008
microsoft	sql_server	2008
microsoft	sql_server	2008
microsoft	sql_server	2008
microsoft	sql_server	2008
microsoft	sql_server	2008
microsoft	sql_server_management_studio_express	2005
microsoft	sql_server_management_studio_express	2005
microsoft	visual_studio	2005
microsoft	visual_studio	2008
microsoft	visual_studio	2010

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office_infopath:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "81BD7AB6-9D00-47C3-9627-BB141538BF6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_infopath:2010:*:x32:*:*:*:*:*",
              "matchCriteriaId": "3518F3B5-5C15-42FB-855A-48CAF5D05AD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_infopath:2010:*:x64:*:*:*:*:*",
              "matchCriteriaId": "F18BF4FE-9517-47D0-9938-0418C86A5D56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:express:*:*:*:*:*",
              "matchCriteriaId": "1E4FFD18-4CF8-4D4C-A9BF-F692CD5C2091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:express_advanced_services:*:*:*:*:*",
              "matchCriteriaId": "CF6E4324-61CD-497F-ACCD-50D253DE291A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
              "matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
              "matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "253CC41C-5DE2-4D76-8E69-13EF53FD256D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp4:express:*:*:*:*:*",
              "matchCriteriaId": "794F6BFC-EFEA-4D9C-BCC6-78D05B560402",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp4:express_advanced_services:*:*:*:*:*",
              "matchCriteriaId": "6CE40B2B-E1A0-4BBE-9A3B-5E7B14F83554",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp4:itanium:*:*:*:*:*",
              "matchCriteriaId": "7E387893-EBA4-448A-9687-400F50A5A2F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp4:x64:*:*:*:*:*",
              "matchCriteriaId": "9916AE10-8EBF-4BB9-885C-1FD0C20ED71C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2008:r2:itanium:*:*:*:*:*",
              "matchCriteriaId": "597E44EF-D336-40C4-BB2B-0C8735B96721",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2008:r2:x64:*:*:*:*:*",
              "matchCriteriaId": "63DD17D8-8A29-48EE-8B71-ED3991D94E63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2008:sp1:itanium:*:*:*:*:*",
              "matchCriteriaId": "B520B7A3-E990-491E-B64E-3C60F8D2174B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2008:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "5FF8171B-403F-4B35-8CF3-1A5E8A9C74A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2008:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "5FA2E5E9-A530-4EBA-863A-322C10EFB82C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2008:sp2:x32:*:*:*:*:*",
              "matchCriteriaId": "46B4CFCF-6A73-4F96-9F0A-42EE1D7EFD33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2008:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "00F271BE-E397-4DAB-894E-EBA5CD7C465F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_management_studio_express:2005:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF08EF73-73BF-48EE-B824-430F59AEA47B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_management_studio_express:2005:*:x64:*:*:*:*:*",
              "matchCriteriaId": "486B3E1A-DBBB-407B-9D93-05738F8E0AF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9271AF1C-9B1C-4ADB-9F54-E63EBA2910F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2010:*:*:*:*:*:*:*",
              "matchCriteriaId": "7613B7D7-CF12-4D8D-AEE1-6274C1D7BEF2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka \"XML External Entities Resolution Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "El editor de XML en Microsoft Office InfoPath 2007 SP2 y 2010; SQL Server 2005 SP3 y SP4 y 2008 SP1, SP2 y R2; SQL Server Management Studio Express (SSMSE) 2005; y Visual Studio 2005 SP1, 2008 SP1, y 2010 no maneja correctamente entidades externas, lo que permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de un fichero .disco (Web Service Discovery) manipulado, tambi\u00e9n conocido como \"XML External Entities Resolution Vulnerability\""
    }
  ],
  "id": "CVE-2011-1280",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-06-16T20:55:02.353",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/44912"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/48196"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1025646"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1025647"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1025648"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/44912"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/48196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025648"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-6FPG-25VC-VC92

Vulnerability from github – Published: 2022-05-14 02:35 – Updated: 2022-05-14 02:35

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-1280"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-06-16T20:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka \"XML External Entities Resolution Vulnerability.\"",
  "id": "GHSA-6fpg-25vc-vc92",
  "modified": "2022-05-14T02:35:51Z",
  "published": "2022-05-14T02:35:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1280"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44912"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/48196"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1025646"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1025647"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1025648"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2011-1280

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-1280

Aliases

CVE-2011-1280

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-1280",
    "description": "The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka \"XML External Entities Resolution Vulnerability.\"",
    "id": "GSD-2011-1280"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-1280"
      ],
      "details": "The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka \"XML External Entities Resolution Vulnerability.\"",
      "id": "GSD-2011-1280",
      "modified": "2023-12-13T01:19:08.022997Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2011-1280",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka \"XML External Entities Resolution Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "48196",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/48196"
          },
          {
            "name": "1025647",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1025647"
          },
          {
            "name": "1025648",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1025648"
          },
          {
            "name": "MS11-049",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049"
          },
          {
            "name": "1025646",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1025646"
          },
          {
            "name": "oval:org.mitre.oval:def:12664",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664"
          },
          {
            "name": "44912",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/44912"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2008:sp2:x32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2008:sp2:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server_management_studio_express:2005:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_infopath:2010:*:x32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_infopath:2010:*:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2008:sp1:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2008:sp1:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2005:sp4:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server_management_studio_express:2005:*:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_infopath:2007:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2005:sp4:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2005:sp4:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2008:r2:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2005:sp3:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2005:sp3:express_advanced_services:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2005:sp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2008:sp2:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2008:r2:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2010:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sql_server:2005:sp4:express_advanced_services:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2011-1280"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka \"XML External Entities Resolution Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1025648",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1025648"
            },
            {
              "name": "1025646",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1025646"
            },
            {
              "name": "44912",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/44912"
            },
            {
              "name": "48196",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/48196"
            },
            {
              "name": "1025647",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1025647"
            },
            {
              "name": "oval:org.mitre.oval:def:12664",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664"
            },
            {
              "name": "MS11-049",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T22:00Z",
      "publishedDate": "2011-06-16T20:55Z"
    }
  }
}

CERTA-2011-AVI-357

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans l'éditeur XML de Microsoft permet à un utilisateur distant de porter atteinte à la confidentialité de certaines données.

Description

Une vulnérabilité est présente dans l'éditeur de fichiers XML de Microsoft inclus dans de nombreux logiciels comme SQL Server ou Visual Studio. Elle permet à un utilisateur distant malintentionné de porter atteinte à la confidentialité de certaines données au moyen d'un fichier Web Service Discovery (.disco) construit de façon particulière.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft SQL Server Management Studio Express (SSMSE) 2005 ;
Microsoft	N/A	Microsoft SQL Server 2005 Édition x64 Service Pack 4 ;
Microsoft	N/A	Microsoft SQL Server 2008 pour systèmes x64 Service Pack 2 ;
Microsoft	N/A	Microsoft SQL Server 2008 R2 pour systèmes Itanium ;
Microsoft	N/A	Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 3 ;
Microsoft	N/A	Microsoft InfoPath 2007 Service Pack 2 ;
Microsoft	N/A	Microsoft SQL Server 2008 pour systèmes Itanium Service Pack 1 ;
Microsoft	N/A	Microsoft SQL Server 2005 Express Edition Service Pack 4 ;
Microsoft	N/A	Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 4 ;
Microsoft	N/A	Microsoft SQL Server 2008 R2 pour systèmes 32 bits ;
Microsoft	N/A	Microsoft SQL Server 2005 Édition x64 Service Pack 3 ;
Microsoft	N/A	Microsoft SQL Server 2008 pour systèmes 32 bits Service Pack 2 ;
Microsoft	N/A	Microsoft InfoPath 2010 (éditions 32 bits) ;
Microsoft	N/A	Microsoft Visual Studio 2010.
Microsoft	N/A	Microsoft SQL Server 2005 Service Pack 4 ;
Microsoft	N/A	Microsoft InfoPath 2010 (éditions 64 bits) ;
Microsoft	N/A	Microsoft SQL Server 2005 Service Pack 3 pour systèmes Itanium ;
Microsoft	N/A	Microsoft SQL Server 2005 Service Pack 3 ;
Microsoft	N/A	Microsoft SQL Server 2005 Express Edition Service Pack 3 ;
Microsoft	N/A	Microsoft SQL Server 2005 pour systèmes Itanium Service Pack 4 ;
Microsoft	N/A	Microsoft SQL Server 2008 pour systèmes 32 bits Service Pack 1 ;
Microsoft	N/A	Microsoft SQL Server Management Studio Express (SSMSE) 2005 édition x64 ;
Microsoft	N/A	Microsoft SQL Server 2008 pour systèmes x64 Service Pack 1 ;
Microsoft	N/A	Microsoft Visual Studio 2005 Service Pack 1 ;
Microsoft	N/A	Microsoft SQL Server 2008 pour systèmes Itanium Service Pack 2 ;
Microsoft	N/A	Microsoft SQL Server 2008 R2 pour systèmes x64 ;
Microsoft	N/A	Microsoft Visual Studio 2008 Service Pack 1 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS11-049 du 14 juin 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft SQL Server Management Studio Express (SSMSE) 2005 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2005 \u00c9dition x64 Service Pack 4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2008 pour syst\u00e8mes x64 Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2008 R2 pour syst\u00e8mes Itanium ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft InfoPath 2007 Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2008 pour syst\u00e8mes Itanium Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2005 Express Edition Service Pack 4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2008 R2 pour syst\u00e8mes 32 bits ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2005 \u00c9dition x64 Service Pack 3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft InfoPath 2010 (\u00e9ditions 32 bits) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2010.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2005 Service Pack 4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft InfoPath 2010 (\u00e9ditions 64 bits) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2005 Service Pack 3 pour syst\u00e8mes Itanium ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2005 Service Pack 3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2005 Express Edition Service Pack 3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2005 pour syst\u00e8mes Itanium Service Pack 4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2008 pour syst\u00e8mes 32 bits Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server Management Studio Express (SSMSE) 2005 \u00e9dition x64 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2008 pour syst\u00e8mes x64 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2005 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2008 pour syst\u00e8mes Itanium Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2008 R2 pour syst\u00e8mes x64 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2008 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 est pr\u00e9sente dans l\u0027\u00e9diteur de fichiers XML de\nMicrosoft inclus dans de nombreux logiciels comme SQL Server ou Visual\nStudio. Elle permet \u00e0 un utilisateur distant malintentionn\u00e9 de porter\natteinte \u00e0 la confidentialit\u00e9 de certaines donn\u00e9es au moyen d\u0027un fichier\nWeb Service Discovery (.disco) construit de fa\u00e7on particuli\u00e8re.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1280"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-357",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans l\u0027\u00e9diteur XML de Microsoft permet \u00e0 un\nutilisateur distant de porter atteinte \u00e0 la confidentialit\u00e9 de certaines\ndonn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de l\u0027\u00e9diteur XML de Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-049 du 14 juin 2011",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx"
    }
  ]
}

CERTA-2011-AVI-357

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans l'éditeur XML de Microsoft permet à un utilisateur distant de porter atteinte à la confidentialité de certaines données.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft SQL Server Management Studio Express (SSMSE) 2005 ;
Microsoft	N/A	Microsoft SQL Server 2005 Édition x64 Service Pack 4 ;
Microsoft	N/A	Microsoft SQL Server 2008 pour systèmes x64 Service Pack 2 ;
Microsoft	N/A	Microsoft SQL Server 2008 R2 pour systèmes Itanium ;
Microsoft	N/A	Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 3 ;
Microsoft	N/A	Microsoft InfoPath 2007 Service Pack 2 ;
Microsoft	N/A	Microsoft SQL Server 2008 pour systèmes Itanium Service Pack 1 ;
Microsoft	N/A	Microsoft SQL Server 2005 Express Edition Service Pack 4 ;
Microsoft	N/A	Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 4 ;
Microsoft	N/A	Microsoft SQL Server 2008 R2 pour systèmes 32 bits ;
Microsoft	N/A	Microsoft SQL Server 2005 Édition x64 Service Pack 3 ;
Microsoft	N/A	Microsoft SQL Server 2008 pour systèmes 32 bits Service Pack 2 ;
Microsoft	N/A	Microsoft InfoPath 2010 (éditions 32 bits) ;
Microsoft	N/A	Microsoft Visual Studio 2010.
Microsoft	N/A	Microsoft SQL Server 2005 Service Pack 4 ;
Microsoft	N/A	Microsoft InfoPath 2010 (éditions 64 bits) ;
Microsoft	N/A	Microsoft SQL Server 2005 Service Pack 3 pour systèmes Itanium ;
Microsoft	N/A	Microsoft SQL Server 2005 Service Pack 3 ;
Microsoft	N/A	Microsoft SQL Server 2005 Express Edition Service Pack 3 ;
Microsoft	N/A	Microsoft SQL Server 2005 pour systèmes Itanium Service Pack 4 ;
Microsoft	N/A	Microsoft SQL Server 2008 pour systèmes 32 bits Service Pack 1 ;
Microsoft	N/A	Microsoft SQL Server Management Studio Express (SSMSE) 2005 édition x64 ;
Microsoft	N/A	Microsoft SQL Server 2008 pour systèmes x64 Service Pack 1 ;
Microsoft	N/A	Microsoft Visual Studio 2005 Service Pack 1 ;
Microsoft	N/A	Microsoft SQL Server 2008 pour systèmes Itanium Service Pack 2 ;
Microsoft	N/A	Microsoft SQL Server 2008 R2 pour systèmes x64 ;
Microsoft	N/A	Microsoft Visual Studio 2008 Service Pack 1 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS11-049 du 14 juin 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft SQL Server Management Studio Express (SSMSE) 2005 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2005 \u00c9dition x64 Service Pack 4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2008 pour syst\u00e8mes x64 Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2008 R2 pour syst\u00e8mes Itanium ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft InfoPath 2007 Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2008 pour syst\u00e8mes Itanium Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2005 Express Edition Service Pack 4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2008 R2 pour syst\u00e8mes 32 bits ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2005 \u00c9dition x64 Service Pack 3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft InfoPath 2010 (\u00e9ditions 32 bits) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2010.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2005 Service Pack 4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft InfoPath 2010 (\u00e9ditions 64 bits) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2005 Service Pack 3 pour syst\u00e8mes Itanium ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2005 Service Pack 3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2005 Express Edition Service Pack 3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2005 pour syst\u00e8mes Itanium Service Pack 4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2008 pour syst\u00e8mes 32 bits Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server Management Studio Express (SSMSE) 2005 \u00e9dition x64 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2008 pour syst\u00e8mes x64 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2005 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2008 pour syst\u00e8mes Itanium Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2008 R2 pour syst\u00e8mes x64 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2008 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 est pr\u00e9sente dans l\u0027\u00e9diteur de fichiers XML de\nMicrosoft inclus dans de nombreux logiciels comme SQL Server ou Visual\nStudio. Elle permet \u00e0 un utilisateur distant malintentionn\u00e9 de porter\natteinte \u00e0 la confidentialit\u00e9 de certaines donn\u00e9es au moyen d\u0027un fichier\nWeb Service Discovery (.disco) construit de fa\u00e7on particuli\u00e8re.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1280"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-357",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans l\u0027\u00e9diteur XML de Microsoft permet \u00e0 un\nutilisateur distant de porter atteinte \u00e0 la confidentialit\u00e9 de certaines\ndonn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de l\u0027\u00e9diteur XML de Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-049 du 14 juin 2011",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-1280 (GCVE-0-2011-1280)

FKIE_CVE-2011-1280

GHSA-6FPG-25VC-VC92

GSD-2011-1280

CERTA-2011-AVI-357

Description

Solution

CERTA-2011-AVI-357

Description

Solution

Tags

Sightings

Nomenclature