Microsoft XML外部实体分解CVE-2011-1280信息泄露漏洞

Bugtraq ID: 48196
CVE ID：CVE-2011-1280

Microsoft XML Editor是一款”基于Microsoft Visual Studio"文本编辑器，并增加了对XML语言的支持。
在解析Web服务发现文件(".disco")中的XML外部实体时存在错误，攻击者可以利用漏洞获得任意文件的敏感内容。

Microsoft Visual Studio 2010 0
Microsoft Visual Studio 2008 SP1
Microsoft Visual Studio 2005 SP1
Microsoft SQL Server Management Studio Express (SSMSE) 2005 x64 0
Microsoft SQL Server Management Studio Express (SSMSE) 2005 0
Microsoft SQL Server 2008 x64 SP2
Microsoft SQL Server 2008 x64 R2
Microsoft SQL Server 2008 itanium SP2
Microsoft SQL Server 2008 itanium SP1
Microsoft SQL Server 2008 itanium R2
Microsoft SQL Server 2008 32bit SP1
Microsoft SQL Server 2008 32-bit SP2
Microsoft SQL Server 2008 32-bit R2
Microsoft SQL Server 2005 x64 Edition SP4
Microsoft SQL Server 2005 x64 Edition SP3
Microsoft SQL Server 2005 Itanium Edition SP3
Microsoft SQL Server 2005 Express Edition with Advanced Serv SP4
Microsoft SQL Server 2005 Express Edition with Advanced Serv SP3
Microsoft SQL Server 2005 Express Edition SP4
Microsoft SQL Server 2005 Express Edition SP3
Microsoft SQL Server 2005 SP4
Microsoft SQL Server 2005 SP3
Microsoft Office 2010 (64-bit edition) 0
Microsoft Office 2010 (32-bit edition) 0
Microsoft Office 2007 SP2
Microsoft InfoPath 2010 0
Microsoft InfoPath 2007 SP2
厂商解决方案
用户可参考如下供应商提供的安全公告获得补丁信息：
http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx