Microsoft

Xml Core Services

19 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2017-0022

Warning Exploit
  • EPSS 32.64%
  • Published 17.03.2017 00:59:00
  • Last modified 20.04.2025 01:37:25

Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles obj...

9.3

CVE-2016-0147

  • EPSS 26.42%
  • Published 12.04.2016 23:59:12
  • Last modified 12.04.2025 10:46:40

Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability."

4.3

CVE-2015-2471

  • EPSS 36.88%
  • Published 15.08.2015 00:59:30
  • Last modified 12.04.2025 10:46:40

Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vul...

4.3

CVE-2015-2440

  • EPSS 14.6%
  • Published 15.08.2015 00:59:12
  • Last modified 12.04.2025 10:46:40

Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "MSXML Information Disclosure Vulnerability."

4.3

CVE-2015-2434

  • EPSS 30.69%
  • Published 15.08.2015 00:59:10
  • Last modified 12.04.2025 10:46:40

Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerabi...

4.3

CVE-2015-1646

  • EPSS 28.07%
  • Published 14.04.2015 20:59:09
  • Last modified 12.04.2025 10:46:40

Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability."

4.3

CVE-2014-1816

  • EPSS 10.86%
  • Published 11.06.2014 04:56:18
  • Last modified 12.04.2025 10:46:40

Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote attackers to discover (1) full pathnames on the client system and (2) local ...

9.3

CVE-2013-0007

  • EPSS 27.2%
  • Published 09.01.2013 18:09:40
  • Last modified 11.04.2025 00:51:21

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."

9.3

CVE-2013-0006

  • EPSS 65.08%
  • Published 09.01.2013 18:09:40
  • Last modified 11.04.2025 00:51:21

Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."

9.3

CVE-2012-1889

Warning
  • EPSS 92.78%
  • Published 13.06.2012 04:46:46
  • Last modified 11.04.2025 00:51:21

Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.