CVSS: 6.5EPSS: 78%CPEs: 17EXPL: 1CVE-2017-0022 – Microsoft XML Core Services Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-0022
Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site, aka "Microsoft XML Information Disclosure Vulnerability." Microsoft XML Core Services (MSXML) en Windows 10 Gold, 1511 y 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 y R2 SP1; Windows Server 2012 Gold y R2; Windows Server 2016 y Windows Vista SP2 maneja incorrectamente objetos en la memoria, permitiendo a atacantes probar archivos en disco a través de un sitio web manipulado, vulnerabilidad también conocida como "Microsoft XML Information Disclosure Vulnerability". Microsoft XML Core Services (MSXML) improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site. • http://www.securityfocus.com/bid/96069 http://www.securitytracker.com/id/1038014 https://0patch.blogspot.com/2017/09/exploit-kit-rendezvous-and-cve-2017-0022.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0022 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 10%CPEs: 1EXPL: 0CVE-2016-0147
https://notcve.org/view.php?id=CVE-2016-0147
Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability." Microsoft XML Core Services 3.0 permite a atacantes remotos ejecutar código arbitrario a través de una página web manipulada, también conocida como "MSXML 3.0 Remote Code Execution Vulnerability". • http://www.securitytracker.com/id/1035523 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-040 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2434
https://notcve.org/view.php?id=CVE-2015-2434
Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2471. Vulnerabilidad en Microsoft XML Core Services 3.0 y 5.0, admite SSL 2.0, lo que hace que sea más fácil para atacantes remotos romper los mecanismos de protección de cifrado husmeando la red y llevando a cabo un ataque de descifrado, también conocida como 'MSXML Information Disclosure Vulnerability', una vulnerabilidad diferente a CVE-2015-2471. • http://www.securitytracker.com/id/1033241 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-084 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 0CVE-2015-2471
https://notcve.org/view.php?id=CVE-2015-2471
Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2434. Vulnerabilidad en Microsoft XML Core Services 3.0, 5.0 y 6.0 admite SSL 2.0, lo que facilita a atacantes remotos romper los mecanismos de protección de cifrado husmeando la red y llevando a cabo un ataque de descifrado, también conocida como 'MSXML Information Disclosure Vulnerability', una vulnerabilidad diferente a CVE-2015-2434. • http://www.securitytracker.com/id/1033241 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-084 • CWE-310: Cryptographic Issues •
CVSS: 5.4EPSS: 66%CPEs: 3EXPL: 0CVE-2015-2440 – Microsoft MSXML generate-id Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-2440
Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "MSXML Information Disclosure Vulnerability." Vulnerabilidad en Microsoft XML Core Services 3.0, 5.0 y 6.0, permite a atacantes remotos evadir el mecanismo de protección ASLR a través de una página web manipulada, también conocida como 'MSXML Information Disclosure Vulnerability.' This vulnerability allows remote attackers to gain information about the layout of memory on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the XSLT function generate-id. The unique ID string it returns can be used to infer the address at which an XML Node object is stored in memory. • http://www.securityfocus.com/bid/76232 http://www.securitytracker.com/id/1033241 http://www.zerodayinitiative.com/advisories/ZDI-15-381 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-084 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •