Lucene search
K

105 matches found

CVE
CVE
added 2017/03/17 12:0 a.m.912 views

CVE-2017-0022

CVE-2017-0022 affects Microsoft XML Core Services (MSXML) across multiple Windows OS versions; vulnerability stems from improper handling of memory objects, enabling an attacker to determine whether a file exists on disk via a crafted web site. Public sources classify it as an information-disclos...

6.5CVSS4.3AI score0.18069EPSS
In wildExploits1References5Affected Software1
Symantec
Symantec
added 2017/03/14 12:0 a.m.46 views

Microsoft XML Core Services CVE-2017-0022 Information Disclosure Vulnerability

Description Microsoft XML Core Services MSXML is prone to an information-disclosure vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to visit a specially crafted webpage. An attacker can exploit this issue to gain access to sensitive information that may lead to...

4.3CVSS6.1AI score0.18069EPSS
Exploits1References1Affected Software3
Microsoft KB
Microsoft KB
added 2017/01/07 12:0 a.m.27 views

MS14-033: Description of the security update for MSXML: June 10, 2014

MS14-033: Description of the security update for MSXML: June 10, 2014 INTRODUCTION Microsoft has released security bulletin MS14-033. To learn more about this security bulletin: Home users: https://www.microsoft.com/security/pc-security/updates.aspxSkip the details: Download the updates for your...

6.6AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2016/09/16 12:0 a.m.38 views

Microsoft Windows MSXML IDispatch Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within MSXML...

4.3CVSS1.5AI score0.12816EPSS
Exploits0References1
OSV
OSV
added 2016/04/12 11:59 p.m.1 views

CVE-2016-0147

Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability."...

8.8CVSS6.2AI score0.15709EPSS
Exploits0References2
Check Point Advisories
Check Point Advisories
added 2016/04/12 12:0 a.m.15 views

Microsoft Windows MSXML 3.0 Remote Code Execution (MS16-040: CVE-2016-0147)

A use after free vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows parses an XML file. A remote attacker can exploit this issue by enticing a target victim to run a specially crafted XML file. Successful exploitation could trigger arbitrary code...

9.3CVSS6.3AI score0.15709EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2015/08/11 12:0 a.m.36 views

Microsoft MSXML generate-id Information Disclosure Vulnerability

This vulnerability allows remote attackers to gain information about the layout of memory on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

5.4CVSS6AI score0.18588EPSS
Exploits0References1
CVE
CVE
added 2015/04/14 8:0 p.m.74 views

CVE-2015-1646

CVE-2015-1646 affects Microsoft XML Core Services (MSXML) 3.0. The vulnerability is a same-origin policy security bypass in MSXML3 that can allow remote attackers to obtain sensitive information via a crafted DTD. Multiple sources (NVD entry and vulnerability repositories) describe the issue and ...

4.3CVSS6.1AI score0.16975EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2015/02/20 12:0 a.m.9 views

PT-2018-26: Information Disclosure in MatrikonOPC Explorer

The specialists of the Positive Research center have detected an Information Disclosure vulnerability in MatrikonOPC Explorer. A vulnerability in MatrikonOPC Explorer, related to MSXML libraries, allows attackers to transfer arbitrary files from a host system and obtain sensitive information. How...

6.1CVSS6.5AI score0.00388EPSS
Exploits0References5
myhack58
myhack58
added 2015/01/21 12:0 a.m.39 views

Microsoft XML Core Services vulnerability is still computer users face the biggest risk-vulnerability warning-the black bar safety net

Recently reported, Microsoft XML Core Services vulnerability is still computer users face the biggest risk, and more than 4 3% of users are running a vulnerable version. Can you explain why these problems still exist as well as to alleviate the problem the best way? Michael Cobb: the Secunia in t...

0.2AI score
Exploits0
myhack58
myhack58
added 2015/01/17 12:0 a.m.13 views

How to relieve Microsoft XML vulnerability risk-the vulnerability warning-the black bar safety net

Recently reported, Microsoft XML Core Services vulnerability is still computer users face the biggest risk, and more than 4 3% of users are running a vulnerable version. Can you explain why these problems still exist as well as to alleviate the problem the best way? ! How to relieve Microsoft XML...

0.4AI score
Exploits0
CVE
CVE
added 2014/11/11 10:0 p.m.98 views

CVE-2014-4118

CVE-2014-4118 affects Microsoft XML Core Services (MSXML) 3.0. The vulnerability arises when parsing crafted XML content, allowing remote code execution or system-state corruption on multiple Windows versions (MSXML 3.0 in Windows Server 2003 SP2; Vista SP2; Server 2008 SP2 and R2 SP1; Windows 7 ...

9.3CVSS8.3AI score0.13661EPSS
Exploits0References2Affected Software9
Check Point Advisories
Check Point Advisories
added 2014/11/11 12:0 a.m.16 views

Microsoft Windows MSXML XSLT Remote Code Execution (MS14-067; CVE-2014-4118)

A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in MSXML when parsing specially crafted XML content. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file or web page...

9.3CVSS7.1AI score0.13661EPSS
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

Microsoft Internet Explorer 5/6 MSXML XML File Parsing Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7938/info A vulnerability has been reported for the Microsoft Internet Explorer that may result in cross-site scripting attacks. If IE, using the MSXML parser, is unable to parse the requested XML file, it will display a...

7.1AI score
Exploits0
CVE
CVE
added 2014/06/11 1:0 a.m.57 views

CVE-2014-1816

CVE-2014-1816 affects Microsoft XML Core Services (MSXML) 3.0 and 6.0. The vulnerability arises from MSXML’s improper restriction of information transmitted during Internet Explorer download actions, allowing an attacker to disclose full client pathname components and local usernames via a crafte...

4.3CVSS6AI score0.14355EPSS
Exploits0References4Affected Software1
MSRC
MSRC
added 2014/02/14 8:0 a.m.12 views

February 2014 Security Bulletin Webcast and Q&A

Today we published the February 2014 Security Bulletin Webcast Questions & Answers page. We answered seven questions on air, with the majority of questions focusing on the MSXML bulletin MS14-005 and the revision to Security Advisory 2915720. One question that was not answered on air has been...

7.2AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2013/01/09 6:9 p.m.11 views

CVE-2013-0006

Microsoft XML Core Services aka MSXML 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."...

9.3CVSS5.9AI score0.28084EPSS
Exploits1References5
Prion
Prion
added 2013/01/09 6:9 p.m.26 views

Design/Logic Flaw

Microsoft XML Core Services aka MSXML 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."...

9.3CVSS8AI score0.31574EPSS
Exploits2References3Affected Software9
CVE
CVE
added 2013/01/09 6:0 p.m.185 views

CVE-2013-0007

CVE-2013-0007 impacts Microsoft XML Core Services (MSXML) versions 4.0–6.0. A parsing fault in MSXML can allow remote code execution when a user visits a crafted web page (MSXML XSLT vulnerability). Affected components include MSXML DLLs; root cause is improper XML content parsing. Mitigation is ...

9.3CVSS7.5AI score0.31574EPSS
Exploits2References3Affected Software8
CVE
CVE
added 2013/01/09 6:0 p.m.136 views

CVE-2013-0006

CVE-2013-0006 is associated with OSIsoft PI Interface for OPC XML-DA (ICS advisory ICSA-20-315-01) and Microsoft MSXML/MS13-002 context. Connected documents identify the affected product as PI Interface for OPC XML-DA versions prior to 1.7.3.x, where the vulnerability stems from numeric errors/st...

9.3CVSS7.5AI score0.28084EPSS
Exploits1References4Affected Software8
Rows per page
Query Builder