This CPE summary could be partial or incomplete. Please contact us for a detailed listing.


Vendor : Microsoft
Product : Office Infopath
Version : 2007
Update : sp2
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
Type : Application
First view : 2010-06-08
Last view : 2011-06-16
CPE Product : cpe:2.3:a:microsoft:office_infopath

Activity : Overall

Related : CVE

  Date Alert Description
4.3 2011-06-16 CVE-2011-1280

The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability."

4.3 2010-06-08 CVE-2010-1257

Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.

CWE : Common Weakness Enumeration

50% (1) CWE-200 Information Exposure
50% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Open Source Vulnerability Database (OSVDB)

id Description
72934 Microsoft XML Editor External Entities Resolution Unspecified Information Dis...
65211 Microsoft IE / Sharepoint toStaticHTML Information Disclosure

OpenVAS Exploits

id Description
2011-06-21 Name : Microsoft XML Editor Information Disclosure Vulnerability (2543893)
File : nvt/secpod_ms11-049.nasl
2010-06-09 Name : Microsoft Internet Explorer Multiple Vulnerabilities (982381)
File : nvt/secpod_ms10-035.nasl
2010-06-09 Name : Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554)
File : nvt/secpod_ms10-039.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2011-B-0064 Microsoft XML Editor Information Disclosure Vulnerability
Severity: Category II - VMSKEY: V0028601
2010-A-0079 Multiple Vulnerabilities in Microsoft Office SharePoint
Severity: Category II - VMSKEY: V0024377

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Visual Studio information disclosure attempt
RuleID : 19234 - Type : OS-WINDOWS - Revision : 7
2014-01-10 Microsoft Internet Explorer 8 cross-site scripting attempt
RuleID : 16658 - Type : BROWSER-IE - Revision : 7

Nessus® Vulnerability Scanner

id Description
2014-03-10 Name: An application on the remote Windows host has an information disclosure vulne...
File: smb_kb2543893.nasl - Type: ACT_GATHER_INFO
2011-06-15 Name: An application on the remote Windows host has an information disclosure vulne...
File: smb_nt_ms11-049.nasl - Type: ACT_GATHER_INFO
2010-06-09 Name: Arbitrary code can be executed on the remote host through a web browser.
File: smb_nt_ms10-035.nasl - Type: ACT_GATHER_INFO
2010-06-09 Name: The remote host has multiple vulnerabilities.
File: smb_nt_ms10-039.nasl - Type: ACT_GATHER_INFO