CVE-2010-2561 – Microsoft Msxml2.XMLHTTP.3.0 - Response Handling Memory Corruption (MS10-051)
https://notcve.org/view.php?id=CVE-2010-2561
Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability." Microsoft XML Core Services (también conocido como MSXML) v3.0 no manipula correctamente respuestas HTTP, las cuales pueden permitir a atacantes remotos ejecutar código arbitrario o producir una denegación de servicio (corrupción de memoria) mediante una respuesta manipulada. • https://www.exploit-db.com/exploits/14609 http://www.us-cert.gov/cas/techalerts/TA10-222A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-051 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11730 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2008-4033 – Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069)
https://notcve.org/view.php?id=CVE-2008-4033
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability." Vulnerabilidad de dominios cruzados en Microsoft XML Core Services v3.0 hasta v6.0, como el que se utiliza en Microsoft Expression Web, Office, Internet Explorer y otros productos; permite a atacantes remotos obtener información sensible de otro dominio y corromper el estado de la sesión a través de solicitudes de campos de cabecera HTTP, como se ha demostrado con el campo Transfer-Encoding. También se conoce como "Vulnerabilidad de la solicitud de la cabecera MSXML". • https://www.exploit-db.com/exploits/7196 http://marc.info/?l=bugtraq&m=122703006921213&w=2 http://securitytracker.com/id?1021164 http://www.securityfocus.com/bid/32204 http://www.us-cert.gov/cas/techalerts/TA08-316A.html http://www.vupen.com/english/advisories/2008/3111 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-069 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5847 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2007-2223 – Microsoft Internet Explorer substringData Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-2223
Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow. Microsoft XML Core Services (MSXML) versión 3.0 hasta 6.0 permite a los atacantes remotos ejecutar código arbitrario por medio del método substringData en un objeto (1) TextNode o (2) XMLDOM, lo que provoca un desbordamiento de enteros que conduce a un desbordamiento de búfer. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft software User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the substringData() method available on the TextNode JavaScript object. When specific parameters are passed to the method, an integer overflow occurs causing incorrect memory allocation. If this event occurs after a different ActiveX object has been instantiated, an exploitable condition is created when the ActiveX object is deallocated which can result in the execution of arbitrary code. • https://www.exploit-db.com/exploits/30493 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=576 http://secunia.com/advisories/26447 http://www.kb.cert.org/vuls/id/361968 http://www.securityfocus.com/archive/1/476527/100/0/threaded http://www.securityfocus.com/archive/1/476747/100/0/threaded http://www.securityfocus.com/bid/25301 http://www.securitytracker.com/id?1018559 http://www.vupen.com/english/advisories/2007/2866 http://www.zerodayinitiative.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVE-2007-0099
https://notcve.org/view.php?id=CVE-2007-0099
Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability." Una condición de carrera en el módulo msxml3 de Microsoft XML Core Services versión 3.0, tal como es usado en Internet Explorer versión 6 y otras aplicaciones, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de muchas etiquetas anidadas en un documento XML en un IFRAME, cuando la representación de documentos sincrónicos se interrumpe con frecuencia con eventos asincrónicos, como es demostrado mediante un temporizador de JavaScript, que puede desencadenar una desreferencia de puntero NULL o corrupción de memoria, también se conoce como "MSXML Memory Corruption Vulnerability". • http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0113.html http://isc.sans.org/diary.php?storyid=2004 http://marc.info/?l=bugtraq&m=122703006921213&w=2 http://osvdb.org/32627 http://seclists.org/fulldisclosure/2007/Jan/0110.html http://secunia.com/advisories/23655 http://securitytracker.com/id?1021164 http://www.securityfocus.com/archive/1/455965/100/0/threaded http://www.securityfocus.com/archive/1/455986/100/0/threaded http://www.securityfocus.com/archive • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2006-4685
https://notcve.org/view.php?id=CVE-2006-4685
The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains. El control ActiveX XMLHTTP en Microsoft XML Parser 2.6 y XML Core Services 3.0 hasta 6.0 no maneja adecuadamente redirecciones HTTP del lado del servidor, lo cual permite a atacantes remotos con la complicidad del usuario acceder a contenido desde otros dominios. • http://secunia.com/advisories/22333 http://securitytracker.com/id?1017033 http://www.kb.cert.org/vuls/id/547212 http://www.osvdb.org/29425 http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/20339 http://www.vupen.com/english/advisories/2006/3980 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-061 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A221 •