VYPR

XML Parser

by Microsoft

Source repositories

CVEs (4)

  • CVE-2006-10003CriMar 19, 2026
    risk 0.57cvss 9.8epss 0.01

    XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls…

  • CVE-2006-4686Oct 10, 2006
    risk 0.02cvss epss 0.29

    Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.

  • CVE-2006-4685Oct 10, 2006
    risk 0.02cvss epss 0.20

    The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.

  • CVE-2006-10002Mar 19, 2026
    risk 0.00cvss epss 0.01

    XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes. A :utf8 PerlIO layer, parse_stream() in Expat.xs could overflow the XML input buffer because Perl's read() returns decoded…

VYPR — Vulnerability Intelligence