Detections
Analytics
MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893) (uncredentialed check)
medium Nessus Plugin ID 72909
Language:
Synopsis
An application on the remote Windows host has an information disclosure vulnerability.Description
An application on the remote host has an information disclosure vulnerability. When parsing a specially crafted Web Service Discovery (.disco) file, external XML entities are allowed for untrusted user input. A remote attacker could exploit this by tricking a user into opening a specially crafted .disco file, resulting in the disclosure of sensitive information.Solution
Microsoft has released a set of patches for SQL Server 2005, 2008 and 2008 R2.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2011/ms11-049
Plugin Details
Severity: Medium
ID: 72909
File Name: smb_kb2543893.nasl
Version: 1.8
Type: remote
Agent: windows
Family: Windows
Published: 3/10/2014
Updated: 4/11/2022
Configuration: Enable paranoid mode, Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.4
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
Vulnerability Information
CPE: cpe:/a:microsoft:sql_server
Required KB Items: Settings/ParanoidReport
Exploit Ease: No known exploits are available
Patch Publication Date: 6/14/2011
Vulnerability Publication Date: 6/14/2011
Reference Information
CVE: CVE-2011-1280
BID: 48196