Microsoft

Xml Core Services

19 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2010-2561

  • EPSS 61.29%
  • Published 11.08.2010 18:47:51
  • Last modified 11.04.2025 00:51:21

Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Han...

5

CVE-2009-0419

  • EPSS 26.97%
  • Published 04.02.2009 19:30:00
  • Last modified 09.04.2025 00:30:58

Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain se...

4.3

CVE-2008-4033

  • EPSS 62.58%
  • Published 12.11.2008 23:30:02
  • Last modified 09.04.2025 00:30:58

Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the...

9.3

CVE-2007-2223

  • EPSS 68.2%
  • Published 14.08.2007 21:17:00
  • Last modified 09.04.2025 00:30:58

Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.

9.3

CVE-2007-0099

  • EPSS 56.54%
  • Published 08.01.2007 20:28:00
  • Last modified 09.04.2025 00:30:58

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in ...

7.6

CVE-2006-5745

Exploit
  • EPSS 87.27%
  • Published 06.11.2006 18:07:00
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted ar...

7.5

CVE-2006-4686

  • EPSS 28.43%
  • Published 10.10.2006 22:07:00
  • Last modified 09.04.2025 00:30:58

Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.

2.6

CVE-2006-4685

  • EPSS 55.39%
  • Published 10.10.2006 22:07:00
  • Last modified 09.04.2025 00:30:58

The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.

5

CVE-2002-0057

  • EPSS 41.76%
  • Published 08.03.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.