![]() Vulnerable Microsoft Office InfoPath 2007.Microsoft Office InfoPath 2007 Microsoft Office InfoPath 2010 Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition Microsoft SQL Server Management Studio Express (SSMSE) 2005 Microsoft SQL Server 2008 Microsoft SQL Server 2008 R2 Microsoft Visual Studio 2005 Microsoft Visual Studio 2008 Microsoft Visual Studio 2010 ![]() Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability." The XML Editor in Microsoft InfoPath 2007 SP SQL Server 2005 SP3 and SP SP1, SP2, and R2 SQL Server Management Studio Express (SSMSE) 2005 and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted. XML External Entities Resolution Vulnerability Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.ĭefinition Id: oval::def:12664 The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Summary: This security update resolves a privately reported vulnerability in Microsoft XML Editor. ![]() ![]() Revision Note: V2.4 (February 15, 2012): Corrected the SQL Server Version Range for SQL Server 2008 R2 in the update FAQ.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |