VYPR

XML Core Services

by Microsoft

CVEs (28)

  • CVE-2002-0057Mar 8, 2002
    risk 0.02cvss epss 0.19

    XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.

  • CVE-2015-2471Aug 15, 2015
    risk 0.01cvss epss 0.16

    Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different…

  • CVE-2015-2440Aug 15, 2015
    risk 0.01cvss epss 0.19

    Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "MSXML Information Disclosure Vulnerability."

  • CVE-2015-2434Aug 15, 2015
    risk 0.01cvss epss 0.16

    Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different…

  • CVE-2015-1646Apr 14, 2015
    risk 0.01cvss epss 0.17

    Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability."

  • CVE-2014-1816Jun 11, 2014
    risk 0.01cvss epss 0.14

    Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote attackers to discover (1) full pathnames on the client system and (2) local usernames embedded in these…

  • CVE-2009-0419Feb 4, 2009
    risk 0.01cvss epss 0.15

    Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from…

  • CVE-2019-1057Aug 14, 2019
    risk 0.00cvss epss 0.03

    A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability,…

Page 2 of 2