Information disclosure in Microsoft Office_infopath

CVE-2011-1280

The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle exter…

Vulnerability class: Information Disclosure

EPSS: 0.325 (97.0th percentile) — read the EPSS interpretation.

Affected products

Microsoft Office_infopath — versions 2007, 2010
Microsoft Sql_server — versions 2005, 2008
Microsoft Sql_server_management_studio_express — versions 2005
Microsoft Visual_studio — versions 2005, 2008, 2010
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

48196 (vdb-entry, x_refsource_BID)
1025647 (vdb-entry, x_refsource_SECTRACK)
1025648 (vdb-entry, x_refsource_SECTRACK)
MS11-049 (x_refsource_MS, vendor-advisory)
1025646 (vdb-entry, x_refsource_SECTRACK)
oval:org.mitre.oval:def:12664 (x_refsource_OVAL, signature, vdb-entry)
44912 (x_refsource_SECUNIA, third-party-advisory)