MS11-049 - Important : Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure

Discussion in 'Security Alerts' started by News, Sep 8, 2011.

  1. News

    News Extraordinary Robot
    News Feed

    Jun 27, 2006
    Likes Received:
    Severity Rating: Important
    Revision Note: V2.0 (August 9, 2011): Bulletin rereleased to announce a detection change to the update for Microsoft Visual Studio 2005 Service Pack 1 (KB2251481) to add detection for related software listed in the update FAQ. There were no changes to the security update files. Customers who have already successfully updated their systems do not need to reinstall this update.
    Summary: This security update resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.


Share This Page