Home / bulletins MS11-049 - Important : Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893) - Version: 2.2
Posted on 19 January 2012
There is an newer version: MS11-049 - Version: 2.4
ImportantSeverity Rating: Important
Revision Note: V2.2 (January 18, 2012): Added a note to the Affected and Non-Affected Software section to clarify that this update also applies to 32-bit and x64-based SQL Server 2008 and SQL Server 2008 R2 Express and Express Advanced Editions.
Summary: This security update resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.Other versions
- MS11-049 - Version: 1.0
- MS11-049 - Version: 1.1
- MS11-049 - Version: 1.2
- MS11-049 - Version: 1.3
- MS11-049 - Version: 2.0
- MS11-049 - Version: 2.1
- MS11-049 - Version: 2.2
- MS11-049 - Version: 2.3
- MS11-049 - Version: 2.4
