Microsoft XML Editor External Entities Resolution Vulnerability (MS11-049; CVE-2011-1280)
| Check Point Reference: | CPAI-2011-288 |
| Date Published: | |
| Severity: | |
| Source: | Microsoft Security Bulletin MS11-049 |
| Industry Reference(s): | CVE-2011-1280 |
| Protection Provided by: | Security Gateway |

Who is Vulnerable?
Microsoft Office InfoPath 2007 Service Pack 2
Microsoft Office InfoPath 2010 (32-bit editions)
Microsoft Office InfoPath 2010 (64-bit editions)
SQL Server 2005 Service Pack 3
SQL Server 2005 x64 Edition Service Pack 3
SQL Server 2005 for Itanium-based Systems Service Pack 3
SQL Server 2005 Service Pack 4
SQL Server 2005 x64 Edition Service Pack 4
SQL Server 2005 for Itanium-based Systems Service Pack 4
SQL Server 2008 for 32-bit Systems Service Pack 1
SQL Server 2008 for x64-based Systems Service Pack 1
SQL Server 2008 for Itanium-based Systems Service Pack 1
SQL Server 2008 for 32-bit Systems Service Pack 2
SQL Server 2008 for x64-based Systems Service Pack 2
SQL Server 2008 for Itanium-based Systems Service Pack 2
SQL Server 2008 R2 for 32-bit Systems
SQL Server 2008 R2 for x64-based Systems
SQL Server 2008 R2 for Itanium-based Systems
SQL Server 2005 Express Edition Service Pack 3
SQL Server 2005 Express Edition Service Pack 4
SQL Server 2005 Express Edition with Advanced Services Service Pack 3
SQL Server 2005 Express Edition with Advanced Services Service Pack 4
SQL Server Management Studio Express (SSMSE) 2005
SQL Server Management Studio Express (SSMSE) 2005 x64 Edition
Microsoft Visual Studio 2005 Service Pack 1
Microsoft Visual Studio 2008 Service Pack 1
Microsoft Visual Studio 2010

Vulnerability Description
An information disclosure vulnerability exists in the way that Microsoft XML Editor handles specially crafted XML files. An attacker who successfully exploited this vulnerability could read data from a file located on the target system. This vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.

Update/Patch Available
Apply patches from Microsoft Security Bulletin MS11-049

Vulnerability Details
The vulnerability is due to the fact that XML external entities are resolved within other XML external entity declarations. An attacker who successfully exploited this vulnerability could read data from a file located on the target system.

Protection Overview
This protection detects and blocks malicious XML files over HTTP.
To configure the defense, select your product from the list below and follow the related protection steps.
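
The following is an added example, not Check Point's or Microsoft's code: a scanner that lists the external entity declarations named under Vulnerability Details in an XML document without resolving any of them. It uses Python's standard `xml.parsers.expat`; the function name `find_external_entities` and both sample documents are constructed for illustration.

```python
import xml.parsers.expat as expat

# Constructed sample: declares one external parameter entity and one
# external general entity (placeholder identifiers), plus an internal one.
SAMPLE_FLAGGED = b"""<?xml version="1.0"?>
<!DOCTYPE form [
  <!ENTITY % ext SYSTEM "http://example.invalid/constructed.dtd">
  <!ENTITY data SYSTEM "file:///constructed/placeholder.txt">
  <!ENTITY note "internal text">
]>
<form>&note;</form>"""

# Constructed sample with no DTD at all.
SAMPLE_CLEAN = b"<?xml version='1.0'?><form><field>1</field></form>"


def find_external_entities(xml_bytes):
    """List external entity declarations as (kind, name, system_id, public_id).

    Nothing is fetched: no ExternalEntityRefHandler is installed and
    parameter-entity parsing is disabled, so expat only reports declarations.
    """
    found = []
    parser = expat.ParserCreate()
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # An external DTD subset is itself an external entity.
        if system_id or public_id:
            found.append(("doctype", name, system_id, public_id))

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # value is None for external entities; internal ones carry their text.
        if value is None:
            kind = "parameter" if is_param else "general"
            found.append((kind, name, system_id, public_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    try:
        parser.Parse(xml_bytes, True)
    except expat.ExpatError:
        pass  # malformed input: keep whatever was declared before the error
    return found
```

A non-validating parser stops processing declarations after a parameter-entity reference it does not read, so any single finding should be enough to flag the document rather than an attempt to enumerate every declaration.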