19 matches found
CVE-2012-1889
CVE-2012-1889 concerns memory corruption in Microsoft XML Core Services (MSXML) across 3.0–6.0 that can allow remote code execution via a crafted web page. The vulnerability stems from accessing uninitialized memory locations, with exploitation commonly involving MSXML components (e.g., getDefini...
CVE-2017-0022
CVE-2017-0022 affects Microsoft XML Core Services (MSXML) across multiple Windows OS versions; vulnerability stems from improper handling of memory objects, enabling an attacker to determine whether a file exists on disk via a crafted web site. Public sources classify it as an information-disclos...
CVE-2013-0007
CVE-2013-0007 impacts Microsoft XML Core Services (MSXML) versions 4.0–6.0. A parsing fault in MSXML can allow remote code execution when a user visits a crafted web page (MSXML XSLT vulnerability). Affected components include MSXML DLLs; root cause is improper XML content parsing. Mitigation is ...
CVE-2010-2561
MSXML 3.0 (Microsoft XML Core Services) contains a remote code execution/memory corruption vulnerability in how it handles HTTP responses from Msxml2.XMLHTTP.3.0. A crafted HTTP response can trigger memory corruption, enabling arbitrary code execution or a crash. The issue is addressed by Mi...
CVE-2013-0006
CVE-2013-0006 is associated with OSIsoft PI Interface for OPC XML-DA (ICS advisory ICSA-20-315-01) and Microsoft MSXML/MS13-002 context. Connected documents identify the affected product as PI Interface for OPC XML-DA versions prior to 1.7.3.x, where the vulnerability stems from numeric errors/st...
CVE-2009-0419
CVE-2009-0419 concerns information disclosure in Microsoft XML Core Services via Set-Cookie2 headers accessible from XMLHttpRequest. Connected documentation shows Microsoft MS08-069 (KB955218) addressing XML Core Services vulnerabilities, resolving an information-disclosure risk and guiding updat...
CVE-2016-0147
CVE-2016-0147 affects Microsoft XML Core Services 3.0. The vulnerability arises from improper input handling in MSXML, allowing remote code execution when a user visits a crafted web site or opens malicious content. Exploitation is possible remotely via network. Public exploit activity is noted b...
CVE-2007-0099
CVE-2007-0099 describes a race condition in Microsoft XML Core Services 3.0 (MSXML3) used by Internet Explorer 6 and other apps. The flaw can be triggered by many nested XML tags in an IFRAME when synchronous rendering is disrupted by asynchronous events (e.g., JavaScript timers), leading to NULL...
CVE-2002-0057
The CVE-2002-0057 issue affects the Microsoft XML Core Services XMLHTTP control (MSXML) in versions 2.6, 3.0, and 4.0 where IE security zone handling is applied to redirected data streams. The flaw allows a remote attacker to read arbitrary local files by specifying a local file as the XML Data S...
CVE-2015-1646
CVE-2015-1646 affects Microsoft XML Core Services (MSXML) 3.0. The vulnerability is a same-origin policy security bypass in MSXML3 that can allow remote attackers to obtain sensitive information via a crafted DTD. Multiple sources (NVD entry and vulnerability repositories) describe the issue and ...
CVE-2015-2471
CVE-2015-2471 affects Microsoft XML Core Services 3.0, 5.0, and 6.0 which still support SSL 2.0. The root cause is the ability for a remote attacker to perform a decryption attack via SSL 2.0, leading to information disclosure. The connected documents describe the vulnerability and its disclosure...
CVE-2007-2223
Microsoft XML Core Services (MSXML) 3.0–6.0 contains a vulnerability in the substringData() method on TextNode/XMLDOM objects that leads to an integer overflow and a subsequent buffer overflow, enabling remote code execution when a user is enticed to view a malicious page. The issue affects MSXML...
CVE-2006-5745
CVE-2006-5745 describes a memory-corruption vulnerability in the XMLHTTP ActiveX Control (MSXML4) used by Internet Explorer on Windows, enabling remote code execution when an attacker crafts arguments to setRequestHeader in the XMLHTTP 4.0 control. The issue affects Microsoft XML Core Services 4....
CVE-2015-2440
CVE-2015-2440 affects Microsoft XML Core Services (MSXML) 3.0, 5.0 and 6.0. The issue enables remote attackers to bypass Address Space Layout Randomization (ASLR) and read private data via a crafted web site, i.e., an information-disclosure vulnerability. Public documentation ties this to MSXML c...
CVE-2006-4685
Summary (CVE-2006-4685): The XMLHTTP ActiveX control in MSXML/MSXML Core Services (versions 2.6, 3.0–6.0) incorrectly handles server-side redirects, enabling remote, user-assisted access to content from other domains. This information-disclosure vulnerability can let an attacker read cookies or da...
CVE-2015-2434
The CVE-2015-2434 entry concerns Microsoft XML Core Services 3.0 and 5.0 that support SSL 2.0, which the sources describe as enabling a network-based decryption attack (man-in-the-middle) and thus exposing cryptographic protections. The connected documents corroborate that this vulnerability stem...
CVE-2008-4033
CVE-2008-4033 is a cross-domain information disclosure vulnerability in Microsoft XML Core Services (MSXML) versions 3.0 through 6.0, affecting multiple products that embed MSXML (including Expression Web, Office, and Internet Explorer). The issue involves improper handling of HTTP header fields ...
CVE-2014-1816
CVE-2014-1816 affects Microsoft XML Core Services (MSXML) 3.0 and 6.0. The vulnerability arises from MSXML’s improper restriction of information transmitted during Internet Explorer download actions, allowing an attacker to disclose full client pathname components and local usernames via a crafte...
CVE-2006-4686
CVE-2006-4686 is a Web-exploitable vulnerability in the XSLT processing of Microsoft XML Core Services (MSXML) 2.6 and MSXML Core Services 3.0–6.0. The issue is a buffer overflow in the XSLT component that could allow a remote attacker to execute arbitrary code by convincing a user to view a cra...