CVE-2013-0006

Microsoft XML Core Services aka MSXML 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."...

MSXML Exploit Surfaces in Black Hole Kit

Attackers really like exploit kits because they offer users the ease of point-and-click exploitation, lots of potential targets and don’t require a huge amount of technical knowledge to use. Attackers also enjoy Microsoft vulnerabilities, especially unpatched ones, because of the massive installe...

Attackers Targeting MSXML Flaw With Malicious Flash Files

The unpatched vulnerability in Internet Explorer’s MSXML component that Microsoft warned users about earlier this month is being used in attacks that employ malicious Flash files. Researchers say that the attacks are taking the form of drive-by downloads launched from compromised legitimate sites...

Microsoft Issues FixIt For XML Flaw

With attackers already exploiting the MSXML zero-day vulnerability, which affects a wide range of products, Microsoft has issued a FixIt tool for the bug that it is encouraging users to install as they prepare a full patch for the flaw. The vulnerability is a critical one, and, because it’s prese...

JVN#73643130: Microsoft MSXML vulnerability in HTTP request processing

MSXML provided by Microsoft contains a vulnerability where HTTP requests for XMLHTTP objects are not processed properly. As a result, when going through a proxy server, information may be sent to another server. Impact When going through a proxy server, information such as authentication...

Security Update for Windows Server 2003 x64 Edition (KB955069)

A security issue has been identified in the way Microsoft XML Core Services MSXML is handled that could allow an attacker to compromise a computer that is running Microsoft Windows and gain control over it. You can help protect your computer by installing this update from Microsoft. After you...