| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS11-049 | Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893) | Microsoft InfoPath | Critical | 15-06-2011 |
Technical Information
Brief overview of the risk:
This security update resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin.
Detailed Information on the risk:
An information disclosure vulnerability exists in the way that Microsoft XML Editor handles specially crafted XML files.
Further information on this exploit is available at : MS11-049
Affected Software
Microsoft InfoPath 2007 Service Pack 2Microsoft InfoPath 2010 (32-bit editions)
Microsoft InfoPath 2010 (64-bit editions)
SQL Server 2005 Service Pack 3
SQL Server 2005 x64 Edition Service Pack 3
SQL Server 2005 for Itanium-based Systems Service Pack 3
SQL Server 2005 Service Pack 4
SQL Server 2005 x64 Edition Service Pack 4
SQL Server 2005 for Itanium-based Systems Service Pack 4
SQL Server 2005 Express Edition Service Pack 3
SQL Server 2005 Express Edition Service Pack 4
SQL Server 2005 Express Edition with Advanced Services Service Pack 3