|
| Description: | | XML is used to mark electronic documents, which has a structural markup language. It can be used to mark data and define data types. It is a source language that allows users to define their own markup language. XxE attacks enter malicious code through DTD external entity declarations. |
|
| Impact: | | An attacker can abtain sensitive information of the target victim, and do malicious actions to gain profits using the information. |
|
| Affected OS: | | Solaris, FreeBSD, Windows, Linux, Other Unix, Mac OS |
|
| Reference: | | http://technet.microsoft.com/en-us/security/bulletin/MS11-074
|
|