Microsoft » Xml Core Services : Security Vulnerabilities, CVEs, CVSS score >= 9
Memory corruption in Core Services while executing the command for removing a single event listener.
Max CVSS
9.3
EPSS Score
0.05%
Published
2024-03-04
Updated
2024-04-12
Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
10.82%
Published
2016-04-12
Updated
2018-10-12
Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."
Max CVSS
9.3
EPSS Score
93.49%
Published
2013-01-09
Updated
2023-12-07
Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."
Max CVSS
9.3
EPSS Score
94.93%
Published
2013-01-09
Updated
2023-12-07
CVE-2012-1889
Known exploited
Public exploit
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Max CVSS
9.3
EPSS Score
97.47%
Published
2012-06-13
Updated
2023-12-07
CISA KEV Added
2022-06-08
Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
93.29%
Published
2010-08-11
Updated
2018-10-12
Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.
Max CVSS
9.3
EPSS Score
91.90%
Published
2007-08-14
Updated
2019-02-27
Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
95.06%
Published
2007-01-08
Updated
2018-10-16
8 vulnerabilities found