CVSS: 7.5EPSS: 41%CPEs: 4EXPL: 0CVE-2006-4686
https://notcve.org/view.php?id=CVE-2006-4686
Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page. Desbordamiento de búfer en el procesamiento de las Transformaciones de Lenguaje de Hojas de Estilo Extensibles (XSLT) en Microsoft XML Parser 2.6 y XML Core Services 3.0 hasta 6.0 permite a atacantes remotos ejecutar código de su elección mediante una página Web artesanal. • http://secunia.com/advisories/22333 http://securitytracker.com/id?1017033 http://www.kb.cert.org/vuls/id/562788 http://www.osvdb.org/29426 http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/20338 http://www.vupen.com/english/advisories/2006/3980 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-061 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A285 •
CVSS: 5.0EPSS: 2%CPEs: 9EXPL: 0CVE-2002-0057
https://notcve.org/view.php?id=CVE-2002-0057
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source. El control XMLHTTP en Microsoft XML Core Services 2.6 y versiones posteriores no manejan adecuadamente el establecimiento de valores de la Zona de Seguridad del IE, lo cual permite a atacantes remotos la lectura arbitraria de ficheros especificando un fichero local como una fuente de datos XML. • http://archives.neohapsis.com/archives/bugtraq/2001-12/0152.html http://marc.info/?l=bugtraq&m=101366383408821&w=2 http://www.osvdb.org/3032 http://www.securityfocus.com/bid/3699 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-008 https://exchange.xforce.ibmcloud.com/vulnerabilities/7712 •