105 matches found
CVE-2017-0022
CVE-2017-0022 affects Microsoft XML Core Services (MSXML) across multiple Windows OS versions; vulnerability stems from improper handling of memory objects, enabling an attacker to determine whether a file exists on disk via a crafted web site. Public sources classify it as an information-disclos...
Microsoft XML Core Services CVE-2017-0022 Information Disclosure Vulnerability
Description Microsoft XML Core Services MSXML is prone to an information-disclosure vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to visit a specially crafted webpage. An attacker can exploit this issue to gain access to sensitive information that may lead to...
MS14-033: Description of the security update for MSXML: June 10, 2014
MS14-033: Description of the security update for MSXML: June 10, 2014 INTRODUCTION Microsoft has released security bulletin MS14-033. To learn more about this security bulletin: Home users: https://www.microsoft.com/security/pc-security/updates.aspxSkip the details: Download the updates for your...
Microsoft Windows MSXML IDispatch Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within MSXML...
CVE-2016-0147
Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability."...
Microsoft Windows MSXML 3.0 Remote Code Execution (MS16-040: CVE-2016-0147)
A use after free vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows parses an XML file. A remote attacker can exploit this issue by enticing a target victim to run a specially crafted XML file. Successful exploitation could trigger arbitrary code...
Microsoft MSXML generate-id Information Disclosure Vulnerability
This vulnerability allows remote attackers to gain information about the layout of memory on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2015-1646
CVE-2015-1646 affects Microsoft XML Core Services (MSXML) 3.0. The vulnerability is a same-origin policy security bypass in MSXML3 that can allow remote attackers to obtain sensitive information via a crafted DTD. Multiple sources (NVD entry and vulnerability repositories) describe the issue and ...
PT-2018-26: Information Disclosure in MatrikonOPC Explorer
The specialists of the Positive Research center have detected an Information Disclosure vulnerability in MatrikonOPC Explorer. A vulnerability in MatrikonOPC Explorer, related to MSXML libraries, allows attackers to transfer arbitrary files from a host system and obtain sensitive information. How...
Microsoft XML Core Services vulnerability is still computer users face the biggest risk-vulnerability warning-the black bar safety net
Recently reported, Microsoft XML Core Services vulnerability is still computer users face the biggest risk, and more than 4 3% of users are running a vulnerable version. Can you explain why these problems still exist as well as to alleviate the problem the best way? Michael Cobb: the Secunia in t...
How to relieve Microsoft XML vulnerability risk-the vulnerability warning-the black bar safety net
Recently reported, Microsoft XML Core Services vulnerability is still computer users face the biggest risk, and more than 4 3% of users are running a vulnerable version. Can you explain why these problems still exist as well as to alleviate the problem the best way? ! How to relieve Microsoft XML...
CVE-2014-4118
CVE-2014-4118 affects Microsoft XML Core Services (MSXML) 3.0. The vulnerability arises when parsing crafted XML content, allowing remote code execution or system-state corruption on multiple Windows versions (MSXML 3.0 in Windows Server 2003 SP2; Vista SP2; Server 2008 SP2 and R2 SP1; Windows 7 ...
Microsoft Windows MSXML XSLT Remote Code Execution (MS14-067; CVE-2014-4118)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in MSXML when parsing specially crafted XML content. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file or web page...
Microsoft Internet Explorer 5/6 MSXML XML File Parsing Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7938/info A vulnerability has been reported for the Microsoft Internet Explorer that may result in cross-site scripting attacks. If IE, using the MSXML parser, is unable to parse the requested XML file, it will display a...
CVE-2014-1816
CVE-2014-1816 affects Microsoft XML Core Services (MSXML) 3.0 and 6.0. The vulnerability arises from MSXML’s improper restriction of information transmitted during Internet Explorer download actions, allowing an attacker to disclose full client pathname components and local usernames via a crafte...
February 2014 Security Bulletin Webcast and Q&A
Today we published the February 2014 Security Bulletin Webcast Questions & Answers page. We answered seven questions on air, with the majority of questions focusing on the MSXML bulletin MS14-005 and the revision to Security Advisory 2915720. One question that was not answered on air has been...
CVE-2013-0006
Microsoft XML Core Services aka MSXML 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."...
Design/Logic Flaw
Microsoft XML Core Services aka MSXML 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."...
CVE-2013-0007
CVE-2013-0007 impacts Microsoft XML Core Services (MSXML) versions 4.0–6.0. A parsing fault in MSXML can allow remote code execution when a user visits a crafted web page (MSXML XSLT vulnerability). Affected components include MSXML DLLs; root cause is improper XML content parsing. Mitigation is ...
CVE-2013-0006
CVE-2013-0006 is associated with OSIsoft PI Interface for OPC XML-DA (ICS advisory ICSA-20-315-01) and Microsoft MSXML/MS13-002 context. Connected documents identify the affected product as PI Interface for OPC XML-DA versions prior to 1.7.3.x, where the vulnerability stems from numeric errors/st...