MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893) (uncredentialed check)
Medium Nessus Plugin ID 72909
SynopsisAn application on the remote Windows host has an information disclosure vulnerability.
DescriptionAn application on the remote host has an information disclosure vulnerability. When parsing a specially crafted Web Service Discovery (.disco) file, external XML entities are allowed for untrusted user input. A remote attacker could exploit this by tricking a user into opening a specially crafted .disco file, resulting in the disclosure of sensitive information.
SolutionMicrosoft has released a set of patches for SQL Server 2005, 2008 and 2008 R2.