CVSS: 9.8EPSS: 92%CPEs: 1EXPL: 1CVE-2010-2561 – Microsoft Msxml2.XMLHTTP.3.0 - Response Handling Memory Corruption (MS10-051)
https://notcve.org/view.php?id=CVE-2010-2561
11 Aug 2010 — Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability." Microsoft XML Core Services (también conocido como MSXML) v3.0 no manipula correctamente respuestas HTTP, las cuales pueden permitir a atacantes remotos ejecutar código arbitrario o producir una denegación de servicio (cor... • https://www.exploit-db.com/exploits/14609 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 69%CPEs: 41EXPL: 1CVE-2008-4033 – Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069)
https://notcve.org/view.php?id=CVE-2008-4033
12 Nov 2008 — Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability." Vulnerabilidad de dominios cruzados en Microsoft XML Core Services v3.0 hasta v6.0, como el que se utiliza en Microsoft Expre... • https://www.exploit-db.com/exploits/7196 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 88%CPEs: 26EXPL: 1CVE-2007-2223 – Microsoft Internet Explorer substringData Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-2223
14 Aug 2007 — Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow. Microsoft XML Core Services (MSXML) versión 3.0 hasta 6.0 permite a los atacantes remotos ejecutar código arbitrario por medio del método substringData en un objeto (1) TextNode o (2) XMLDOM, lo que provoca un desbordamiento de enteros que conduce a un desbordamiento de búfe... • https://www.exploit-db.com/exploits/30493 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 94%CPEs: 2EXPL: 0CVE-2007-0099
https://notcve.org/view.php?id=CVE-2007-0099
08 Jan 2007 — Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerabi... • http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0CVE-2006-4685
https://notcve.org/view.php?id=CVE-2006-4685
10 Oct 2006 — The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains. El control ActiveX XMLHTTP en Microsoft XML Parser 2.6 y XML Core Services 3.0 hasta 6.0 no maneja adecuadamente redirecciones HTTP del lado del servidor, lo cual permite a atacantes remotos con la complicidad del usuario acceder a contenido desde otros dominios. • http://secunia.com/advisories/22333 •
CVSS: 8.8EPSS: 67%CPEs: 4EXPL: 0CVE-2006-4686
https://notcve.org/view.php?id=CVE-2006-4686
10 Oct 2006 — Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page. Desbordamiento de búfer en el procesamiento de las Transformaciones de Lenguaje de Hojas de Estilo Extensibles (XSLT) en Microsoft XML Parser 2.6 y XML Core Services 3.0 hasta 6.0 permite a atacantes remotos ejecutar código de su elección mediante una página Web artesanal. • http://secunia.com/advisories/22333 •
CVSS: 7.5EPSS: 2%CPEs: 9EXPL: 0CVE-2002-0057
https://notcve.org/view.php?id=CVE-2002-0057
08 Mar 2002 — XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source. El control XMLHTTP en Microsoft XML Core Services 2.6 y versiones posteriores no manejan adecuadamente el establecimiento de valores de la Zona de Seguridad del IE, lo cual permite a atacantes remotos la lectura arbitraria de ficheros especificando un fichero local como una fuente de datos XML. • http://archives.neohapsis.com/archives/bugtraq/2001-12/0152.html •