Microsoft Windows MSXML XSLT Remote Code Execution (MS13-002; CVE-2013-0007)

A remote code execution vulnerability has been reported in Microsoft Windows...

Internet Explorer MSXML Uninitialized Memory (MS12-043)

Exploit for windows platform in category remote exploits Title : Internet Explorer MSXML Uninitialized Memory MS12-043 Date : 2012-09-01 Auther : Senator of Pirates E-Mail : email protected FaceBook : /SenatorofPirates : /SenatorofPiratesInfo Greetz : i greet to my best friends and every Moroccan...

MSXML Exploit Surfaces in Black Hole Kit

Attackers really like exploit kits because they offer users the ease of point-and-click exploitation, lots of potential targets and don’t require a huge amount of technical knowledge to use. Attackers also enjoy Microsoft vulnerabilities, especially unpatched ones, because of the massive installe...

Microsoft XML Core Services memory corruption

Added: 06/27/2012 CVE: CVE-2012-1889 BID: 53934 OSVDB: 82873 Background Microsoft XML Core Services allows developers to create XML-based applications. Problem A memory corruption vulnerability allows command execution when a user opens a specially crafted web page, which causes MSXML to access a...

Microsoft XML Core Services memory corruption

Added: 06/27/2012 CVE: CVE-2012-1889 BID: 53934 OSVDB: 82873 Background Microsoft XML Core Services allows developers to create XML-based applications. Problem A memory corruption vulnerability allows command execution when a user opens a specially crafted web page, which causes MSXML to access a...

Attackers Targeting MSXML Flaw With Malicious Flash Files

The unpatched vulnerability in Internet Explorer’s MSXML component that Microsoft warned users about earlier this month is being used in attacks that employ malicious Flash files. Researchers say that the attacks are taking the form of drive-by downloads launched from compromised legitimate sites...

Microsoft Issues FixIt For XML Flaw

With attackers already exploiting the MSXML zero-day vulnerability, which affects a wide range of products, Microsoft has issued a FixIt tool for the bug that it is encouraging users to install as they prepare a full patch for the flaw. The vulnerability is a critical one, and, because it’s prese...

JVN#73643130: Microsoft MSXML vulnerability in HTTP request processing

MSXML provided by Microsoft contains a vulnerability where HTTP requests for XMLHTTP objects are not processed properly. As a result, when going through a proxy server, information may be sent to another server. Impact When going through a proxy server, information such as authentication...

CVE-2011-1713

Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: this might overlap CVE-2011-1202...

Memory corruption

Microsoft XML Core Services aka MSXML 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability."...

CVE-2010-2561

MSXML MSXML3.0 (Microsoft XML Core Services) contains a remote code execution/memory corruption vulnerability in how it handles HTTP responses from Msxml2.XMLHTTP.3.0. A crafted HTTP response can trigger memory corruption, enabling arbitrary code execution or a crash. The issue is addressed by Mi...

Microsoft Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption (MS10-051; CVE-2010-2561)

MSXML is an application for processing Extensible Style-sheet Language Transformation in an XML file that allows programmers to create high-performance XML-based applications. A remote code execution vulnerability has been reported in Microsoft XML Core Services MSXML. The vulnerability is due to...

Cross site scripting

Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, ...

Microsoft XML Core Services DTD Cross-Domain Scripting (MS08-069; CVE-2008-4029)

MSXML is an application for processing Extensible Stylesheet Language Transformation in an XML file that allows programmers to create high-performance XML-based applications. An information disclosure vulnerability has been reported in Microsoft XML Core Services MSXML. The vulnerability is due t...

CVE-2007-2223

Microsoft XML Core Services (MSXML) 3.0–6.0 contains a vulnerability in the substringData() method on TextNode/XMLDOM objects that leads to an integer overflow and a subsequent buffer overflow, enabling remote code execution when a user is enticed to view a malicious page. The issue affects MSXML...

Microsoft XMLHTTP Control Open Method Code Execution (MS06-071; CVE-2006-5745)

XML HTTP, an ActiveX control that is included in Microsoft XML Core Services MSXML, is vulnerable to remote code execution. MSXML is an application for processing Extensible Stylesheet Language Transformation in an XML file that allows programmers to create high-performance XML-based applications...

Microsoft Internet Explorer 56 - MSXML XML File Parsing Cross-Site Scripting

Microsoft Internet Explorer 56 - MSXML XML File Parsing Cross-Site Scripting source: https://www.securityfocus.com/bid/7938/info A vulnerability has been reported for the Microsoft Internet Explorer that may result in cross-site scripting attacks. If IE, using the MSXML parser, is unable to parse...

Microsoft Internet Explorer 5/6 - MSXML XML File Parsing Cross-Site Scripting

source: https://www.securityfocus.com/bid/7938/info A vulnerability has been reported for the Microsoft Internet Explorer that may result in cross-site scripting attacks. If IE, using the MSXML parser, is unable to parse the requested XML file, it will display a parse error that also includes the...

MSXML 6 Pre-Req

...

Security Update for Windows Vista for x64-based Systems (KB936021)

A security issue has been identified in Microsoft XML Core Services MSXML that could allow an attacker to compromise your Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restar...