MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
Medium Nessus Plugin ID 55129
Synopsis
An application on the remote Windows host has an information disclosure vulnerability.
Description
An application on the remote host has an XML external entity vulnerability. When the application parses a specially crafted Web Service Discovery (.disco) file, it resolves external XML entities in untrusted input. This could result in information disclosure.
A remote attacker could exploit this by tricking a user into opening a specially crafted .disco file, resulting in the disclosure of sensitive information.
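As a defensive illustration of the condition described above, the following added example (not part of the Nessus plugin or of Microsoft's patch) inspects a .disco file for external DTD or entity declarations without resolving them. The function name `scan_disco`, the sample documents and the `example.invalid` host are assumptions made for the example.

```python
import xml.parsers.expat as expat

# Constructed sample inputs (not from the advisory); example.invalid is a placeholder host.
BENIGN = b"""<?xml version="1.0"?>
<discovery xmlns="http://schemas.xmlsoap.org/disco/"/>
"""
FLAGGED = b"""<?xml version="1.0"?>
<!DOCTYPE discovery [
  <!ENTITY ext SYSTEM "http://example.invalid/placeholder">
]>
<discovery xmlns="http://schemas.xmlsoap.org/disco/"/>
"""

def scan_disco(data: bytes) -> list:
    """Return (kind, name, system_id) for every external reference declared in
    the document. Nothing is fetched: expat only reports the declarations."""
    findings = []
    parser = expat.ParserCreate()
    # Do not load external DTD subsets or parameter entities.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id or public_id:
            findings.append(("doctype", name, system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a literal value; external ones carry an ID.
        if value is None:
            findings.append(("entity", name, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except expat.ExpatError:
        # Treat files that do not parse as suspicious rather than clean.
        findings.append(("unparseable", None, None))
    return findings

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("flagged", FLAGGED)):
        print(label, scan_disco(doc))
```

A check like this can triage .disco files received from untrusted sources on hosts that have not yet been patched; it does not replace applying the vendor update.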
Solution
Microsoft has released a set of patches for InfoPath 2007 and 2010, SQL Server 2005, 2008, and 2008 R2, SQL Server Management Studio Express 2005, Visual Studio 2005, 2008, and 2010.