Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2010-06-08 |
| Product | Office Infopath | Last view | 2011-06-16 |
| Version | Type | ||
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.3 | 2011-06-16 | CVE-2011-1280 | The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability." |
| 4.3 | 2010-06-08 | CVE-2010-1257 | Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-200 | Information Exposure |
| 50% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:6677 | toStaticHTML Information Disclosure Vulnerability |
| oval:org.mitre.oval:def:12664 | XML External Entities Resolution Vulnerability |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 72934 | Microsoft XML Editor External Entities Resolution Unspecified Information Dis... |
| 65211 | Microsoft IE / Sharepoint toStaticHTML Information Disclosure |
OpenVAS Exploits
| id | Description |
|---|---|
| 2011-06-21 | Name : Microsoft XML Editor Information Disclosure Vulnerability (2543893) File : nvt/secpod_ms11-049.nasl |
| 2010-06-09 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (982381) File : nvt/secpod_ms10-035.nasl |
| 2010-06-09 | Name : Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554) File : nvt/secpod_ms10-039.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2011-B-0064 | Microsoft XML Editor Information Disclosure Vulnerability Severity: Category II - VMSKEY: V0028601 |
| 2010-A-0079 | Multiple Vulnerabilities in Microsoft Office SharePoint Severity: Category II - VMSKEY: V0024377 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Visual Studio information disclosure attempt RuleID : 19234 - Type : OS-WINDOWS - Revision : 7 |
| 2014-01-10 | Microsoft Internet Explorer 8 cross-site scripting attempt RuleID : 16658 - Type : BROWSER-IE - Revision : 7 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2014-03-10 | Name: An application on the remote Windows host has an information disclosure vulne... File: smb_kb2543893.nasl - Type: ACT_GATHER_INFO |
| 2011-06-15 | Name: An application on the remote Windows host has an information disclosure vulne... File: smb_nt_ms11-049.nasl - Type: ACT_GATHER_INFO |
| 2010-06-09 | Name: Arbitrary code can be executed on the remote host through a web browser. File: smb_nt_ms10-035.nasl - Type: ACT_GATHER_INFO |
| 2010-06-09 | Name: The remote host has multiple vulnerabilities. File: smb_nt_ms10-039.nasl - Type: ACT_GATHER_INFO |
