Unrated severityNVD Advisory· Published Aug 15, 2015· Updated May 6, 2026

CVE-2015-2471

Description

Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2434.

Affected products

Microsoft/Xml Core Services3 versions
cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:xml_core_services:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:xml_core_services:6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securitytracker.com/id/1033241nvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-084nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.025
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000