Skip to main content

Xml Core Services

8 CVEs product

Monthly

CVE-2016-0147 HIGH Act Now

Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 26.4% and no vendor patch available.

RCE Microsoft Xml Core Services
NVD
CVSS 3.0
8.8
EPSS
26.4%
CVE-2015-2471 MEDIUM This Month

Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 31.5% and no vendor patch available.

Information Disclosure Microsoft Xml Core Services
NVD
CVSS 2.0
4.3
EPSS
31.5%
CVE-2015-2440 MEDIUM This Month

Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "MSXML Information Disclosure Vulnerability.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 12.6% and no vendor patch available.

Information Disclosure Microsoft Xml Core Services
NVD
CVSS 2.0
4.3
EPSS
12.6%
CVE-2015-2434 MEDIUM This Month

Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 25.8% and no vendor patch available.

Information Disclosure Microsoft Xml Core Services
NVD
CVSS 2.0
4.3
EPSS
25.8%
CVE-2015-1646 MEDIUM This Month

Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 28.1% and no vendor patch available.

Privilege Escalation Microsoft Xml Core Services
NVD
CVSS 2.0
4.3
EPSS
28.1%
CVE-2014-1816 MEDIUM This Month

Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote attackers to discover (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.9% and no vendor patch available.

Privilege Escalation Microsoft Xml Core Services
NVD
CVSS 2.0
4.3
EPSS
10.9%
CVE-2013-0007 CRITICAL Act Now

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.2% and no vendor patch available.

Code Injection Microsoft RCE Xml Core Services Windows 7 +13
NVD
CVSS 2.0
9.3
EPSS
24.2%
CVE-2013-0006 HIGH Act Now

Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 68.3% and no vendor patch available.

Microsoft RCE Xml Core Services Windows 7 Windows 8 +12
NVD
CVSS 3.1
8.8
EPSS
68.3%
EPSS 26% CVSS 8.8
HIGH Act Now

Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 26.4% and no vendor patch available.

RCE Microsoft Xml Core Services
NVD
EPSS 32% CVSS 4.3
MEDIUM This Month

Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 31.5% and no vendor patch available.

Information Disclosure Microsoft Xml Core Services
NVD
EPSS 13% CVSS 4.3
MEDIUM This Month

Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "MSXML Information Disclosure Vulnerability.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 12.6% and no vendor patch available.

Information Disclosure Microsoft Xml Core Services
NVD
EPSS 26% CVSS 4.3
MEDIUM This Month

Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 25.8% and no vendor patch available.

Information Disclosure Microsoft Xml Core Services
NVD
EPSS 28% CVSS 4.3
MEDIUM This Month

Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 28.1% and no vendor patch available.

Privilege Escalation Microsoft Xml Core Services
NVD
EPSS 11% CVSS 4.3
MEDIUM This Month

Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote attackers to discover (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.9% and no vendor patch available.

Privilege Escalation Microsoft Xml Core Services
NVD
EPSS 24% CVSS 9.3
CRITICAL Act Now

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.2% and no vendor patch available.

Code Injection Microsoft RCE +15
NVD
EPSS 68% CVSS 8.8
HIGH Act Now

Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 68.3% and no vendor patch available.

Microsoft RCE Xml Core Services +14
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy