RSS   Vulnerabilities for 'Xml core services'   RSS

2016-04-12
 
CVE-2016-0147

CWE-20
 

 
Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability."

 
2015-08-14
 
CVE-2015-2471

CWE-310
 

 
Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2434.

 
 
CVE-2015-2440

CWE-200
 

 
Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "MSXML Information Disclosure Vulnerability."

 
 
CVE-2015-2434

CWE-310
 

 
Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2471.

 
2015-04-14
 
CVE-2015-1646

CWE-264
 

 
Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability."

 
2014-11-11
 
CVE-2014-4118

CWE-94
 

 
XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (system-state corruption) via crafted XML content, aka "MSXML Remote Code Execution Vulnerability."

 
2014-06-11
 
CVE-2014-1816

CWE-264
 

 
Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote attackers to discover (1) full pathnames on the client system and (2) local usernames embedded in these pathnames via a crafted web site, aka "MSXML Entity URI Vulnerability."

 
2014-02-11
 
CVE-2014-0266

CWE-200
 

 
The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to bypass the Same Origin Policy via a web page that is visited in Internet Explorer, aka "MSXML Information Disclosure Vulnerability."

 
2013-01-09
 
CVE-2013-0007

CWE-94
 

 
Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."

 
 
CVE-2013-0006

CWE-189
 

 
Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."

 


Copyright 2024, cxsecurity.com

 

Back to Top