Memory corruption in Core Services while executing the command for removing a single event listener.
Max CVSS
9.3
EPSS Score
0.05%
Published
2024-03-04
Updated
2024-03-04
Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
10.82%
Published
2016-04-12
Updated
2018-10-12
Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."
Max CVSS
9.3
EPSS Score
93.49%
Published
2013-01-09
Updated
2023-12-07
Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."
Max CVSS
9.3
EPSS Score
95.08%
Published
2013-01-09
Updated
2023-12-07

CVE-2012-1889

Known exploited
Public exploit
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Max CVSS
9.3
EPSS Score
97.47%
Published
2012-06-13
Updated
2023-12-07
CISA KEV Added
2022-06-08
Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
93.76%
Published
2010-08-11
Updated
2018-10-12
Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-4033.
Max CVSS
5.0
EPSS Score
0.43%
Published
2009-02-04
Updated
2017-08-08
Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.
Max CVSS
9.3
EPSS Score
91.90%
Published
2007-08-14
Updated
2019-02-27
Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
95.06%
Published
2007-01-08
Updated
2018-10-16

CVE-2006-5745

Public exploit
Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.
Max CVSS
7.6
EPSS Score
97.04%
Published
2006-11-06
Updated
2018-10-12
Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
Max CVSS
7.5
EPSS Score
39.99%
Published
2006-10-10
Updated
2018-10-17
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
Max CVSS
5.0
EPSS Score
2.44%
Published
2002-03-08
Updated
2021-07-23
12 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!