Show filters
11 Total Results
Displaying 1-10 of 11
Sort by:
Attacker Value
Unknown
CVE-2012-1889 - MS12-043 Microsoft XML Core Services MSXML Uninitialized Memory…
Disclosure Date: June 13, 2012 (last updated June 29, 2024)
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
0
Attacker Value
Unknown
CVE-2015-2440
Disclosure Date: August 15, 2015 (last updated October 05, 2023)
Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "MSXML Information Disclosure Vulnerability."
0
Attacker Value
Unknown
CVE-2015-2471
Disclosure Date: August 15, 2015 (last updated October 05, 2023)
Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2434.
0
Attacker Value
Unknown
CVE-2014-1816
Disclosure Date: June 11, 2014 (last updated October 05, 2023)
Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote attackers to discover (1) full pathnames on the client system and (2) local usernames embedded in these pathnames via a crafted web site, aka "MSXML Entity URI Vulnerability."
0
Attacker Value
Unknown
CVE-2013-0006
Disclosure Date: January 09, 2013 (last updated December 08, 2023)
Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."
0
Attacker Value
Unknown
CVE-2013-0007
Disclosure Date: January 09, 2013 (last updated December 08, 2023)
Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."
0
Attacker Value
Unknown
CVE-2008-4033
Disclosure Date: November 12, 2008 (last updated October 04, 2023)
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
0
Attacker Value
Unknown
CVE-2007-2223
Disclosure Date: August 14, 2007 (last updated October 04, 2023)
Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.
0
Attacker Value
Unknown
CVE-2006-4686
Disclosure Date: October 10, 2006 (last updated October 04, 2023)
Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
0
Attacker Value
Unknown
CVE-2006-4685
Disclosure Date: October 10, 2006 (last updated October 04, 2023)
The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
0