Microsoft Windows MSXML 3.0 Remote Code Execution (MS16-040: CVE-2016-0147)

A use after free vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows parses an XML file. A remote attacker can exploit this issue by enticing a target victim to run a specially crafted XML file. Successful exploitation could trigger arbitrary code...

Memory corruption

Microsoft XML Core Services aka MSXML 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability."...