Microsoft

Xml Core Services

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2010-2561

  • EPSS 61.29%
  • Veröffentlicht 11.08.2010 18:47:51
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Han...

5

CVE-2009-0419

  • EPSS 26.97%
  • Veröffentlicht 04.02.2009 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain se...

4.3

CVE-2008-4033

  • EPSS 62.58%
  • Veröffentlicht 12.11.2008 23:30:02
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the...

9.3

CVE-2007-2223

  • EPSS 68.2%
  • Veröffentlicht 14.08.2007 21:17:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.

9.3

CVE-2007-0099

  • EPSS 56.54%
  • Veröffentlicht 08.01.2007 20:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in ...

7.6

CVE-2006-5745

Exploit
  • EPSS 87.41%
  • Veröffentlicht 06.11.2006 18:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted ar...

7.5

CVE-2006-4686

  • EPSS 28.43%
  • Veröffentlicht 10.10.2006 22:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.

2.6

CVE-2006-4685

  • EPSS 55.39%
  • Veröffentlicht 10.10.2006 22:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.

5

CVE-2002-0057

  • EPSS 41.76%
  • Veröffentlicht 08.03.2002 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.