Kaspersky LabKLA10013KLA10013 OSI vulnerability in multiple Microsoft XML Core Services
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
77.2%
Detect date:
06/10/2014
Severity:
Warning
Description:
By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited from the network at a point related to MSXML via a specially designed website. It is caused by a missing property information restriction.
Affected products:
Windows Server 2003 SP2 x86, x64, for Itanium
Windows Vista SP2 x86, x64
Windows Server 2008 SP2 x86, x64, for Itanium
Windows 7 SP1 x86, x64
Windows Server 2008 R2 SP1 x64, for Itanium
Windows 8 x86, x64 Windows 8.1 x86, x64
Windows Server 2012, 2012 R2
Windows RT & Windows RT 8.1
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2014-18164.3Warning
Microsoft official advisories:
KB list:
References
support.microsoft.com/kb/2939576
support.microsoft.com/kb/2957482
support.microsoft.com/kb/2966061
support.microsoft.com/kb/2966631
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1816
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-1816
statistics.securelist.com/vulnerability-scan/month
technet.microsoft.com/en-us/library/security/ms14-033.aspx
threats.kaspersky.com/en/product/Microsoft-Windows-Server/
threats.kaspersky.com/en/product/Microsoft-Windows/
Related
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
77.2%