Lucene search

K
MicrosoftXml Core Services

19 matches found

CVE
CVE
added 2012/06/13 4:46 a.m.1089 views

CVE-2012-1889

Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

9.3CVSS7.7AI score0.93081EPSS
CVE
CVE
added 2017/03/17 12:59 a.m.884 views

CVE-2017-0022

Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for fi...

6.5CVSS4.3AI score0.48804EPSS
CVE
CVE
added 2010/08/11 6:47 p.m.156 views

CVE-2010-2561

Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability."

9.3CVSS7.7AI score0.61291EPSS
CVE
CVE
added 2013/01/09 6:9 p.m.154 views

CVE-2013-0007

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."

9.3CVSS7.5AI score0.26376EPSS
CVE
CVE
added 2013/01/09 6:9 p.m.101 views

CVE-2013-0006

Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."

9.3CVSS7.5AI score0.59737EPSS
CVE
CVE
added 2016/04/12 11:59 p.m.80 views

CVE-2016-0147

Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability."

9.3CVSS7.9AI score0.26416EPSS
CVE
CVE
added 2009/02/04 7:30 p.m.79 views

CVE-2009-0419

Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpReque...

5CVSS6AI score0.58521EPSS
CVE
CVE
added 2007/01/08 8:28 p.m.72 views

CVE-2007-0099

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous do...

9.3CVSS7.4AI score0.55412EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.62 views

CVE-2002-0057

XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.

5CVSS6.4AI score0.41761EPSS
CVE
CVE
added 2015/04/14 8:59 p.m.59 views

CVE-2015-1646

Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability."

4.3CVSS6.1AI score0.28071EPSS
CVE
CVE
added 2015/08/15 12:59 a.m.58 views

CVE-2015-2471

Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2...

4.3CVSS6.3AI score0.36877EPSS
CVE
CVE
added 2007/08/14 9:17 p.m.57 views

CVE-2007-2223

Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.

9.3CVSS7.7AI score0.7065EPSS
CVE
CVE
added 2006/11/06 6:7 p.m.56 views

CVE-2006-5745

Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a differe...

7.6CVSS7.3AI score0.87269EPSS
CVE
CVE
added 2015/08/15 12:59 a.m.54 views

CVE-2015-2440

Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "MSXML Information Disclosure Vulnerability."

4.3CVSS6.3AI score0.14595EPSS
CVE
CVE
added 2006/10/10 10:7 p.m.46 views

CVE-2006-4685

The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.

2.6CVSS6.5AI score0.55388EPSS
CVE
CVE
added 2008/11/12 11:30 p.m.45 views

CVE-2008-4033

Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as...

4.3CVSS5.9AI score0.58521EPSS
CVE
CVE
added 2014/06/11 4:56 a.m.43 views

CVE-2014-1816

Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote attackers to discover (1) full pathnames on the client system and (2) local usernames embedded in these pathnames via a craft...

4.3CVSS6AI score0.10855EPSS
CVE
CVE
added 2015/08/15 12:59 a.m.42 views

CVE-2015-2434

Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-24...

4.3CVSS6.3AI score0.36877EPSS
CVE
CVE
added 2006/10/10 10:7 p.m.36 views

CVE-2006-4686

Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.

7.5CVSS7.8AI score0.2843EPSS