EUVD-2004-2003

Malware in sbrugna...

Microsoft Windows VBScript Class_Terminate MSXML3 Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows VBScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Description of the security update for the remote code execution vulnerability in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009: September 11, 2018

Description of the security update for the remote code execution vulnerability in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009: September 11, 2018 Summary A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An...

CVE-2007-0099

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service application crash via many nested tags in an XML document in an IFRAME, when synchronous...

CVE-2007-0099

CVE-2007-0099 describes a race-condition in Microsoft XML Core Services 3.0 (MSXML3) used by Internet Explorer 6 and other apps. The flaw can be triggered by many nested XML tags in an IFRAME when synchronous rendering is disrupted by asynchronous events (e.g., JavaScript timers), leading to NULL...

CVE-2007-0099

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service application crash via many nested tags in an XML document in an IFRAME, when synchronous...

Microsoft Internet Explorer MSXML3竞争条件内存破坏漏洞

Microsoft Internet Explorer是一款流行的WEB浏览器。 Microsoft Internet Explorer存在竞争条件错误，远程攻击者可以利用漏洞进行内存破坏攻击，可导致拒绝服务或执行任意指令攻击。 问题是由于Microsoft Internet...

Concurrency strikes MSIE (potentially exploitable msxml3 flaws)

A while ago, apparently angry with Larry Seltzer, I penned a quick write-up on the possible issues with race conditions triggered by asynchronous browser events such as JavaScript timers colliding with synchronous content rendering: http://seclists.org/vulnwatch/2006/q3/0023.html This is in...

CVE-2004-2011

msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service crash via a single & ampersand in a link, which triggers a parsing error, possibly due to missing portions of the URI...