Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2002-03-08 |
| Product | Xml Core Services | Last view | 2016-04-12 |
| Version | 5 | Type | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 8.8 | 2016-04-12 | CVE-2016-0147 | Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability." |
| 4.3 | 2015-08-14 | CVE-2015-2471 | Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2434. |
| 4.3 | 2015-08-14 | CVE-2015-2440 | Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "MSXML Information Disclosure Vulnerability." |
| 4.3 | 2015-08-14 | CVE-2015-2434 | Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2471. |
| 4.3 | 2015-04-14 | CVE-2015-1646 | Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability." |
| 4.3 | 2014-06-11 | CVE-2014-1816 | Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote attackers to discover (1) full pathnames on the client system and (2) local usernames embedded in these pathnames via a crafted web site, aka "MSXML Entity URI Vulnerability." |
| 9.3 | 2013-01-09 | CVE-2013-0007 | Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability." |
| 9.3 | 2013-01-09 | CVE-2013-0006 | Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability." |
| 9.3 | 2012-06-13 | CVE-2012-1889 | Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. |
| 9.3 | 2010-08-11 | CVE-2010-2561 | Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability." |
| 5 | 2009-02-04 | CVE-2009-0419 | Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-4033. |
| 4.3 | 2008-11-12 | CVE-2008-4033 | Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability." |
| 9.3 | 2007-08-14 | CVE-2007-2223 | Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow. |
| 9.3 | 2007-01-08 | CVE-2007-0099 | Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability." |
| 7.6 | 2006-11-06 | CVE-2006-5745 | Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information. |
| 7.5 | 2006-10-10 | CVE-2006-4686 | Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page. |
| 2.6 | 2006-10-10 | CVE-2006-4685 | The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains. |
| 5 | 2002-03-08 | CVE-2002-0057 | XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 18% (3) | CWE-264 | Permissions, Privileges, and Access Controls |
| 18% (3) | CWE-200 | Information Exposure |
| 12% (2) | CWE-310 | Cryptographic Issues |
| 12% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 12% (2) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 6% (1) | CWE-362 | Race Condition |
| 6% (1) | CWE-190 | Integer Overflow or Wraparound |
| 6% (1) | CWE-189 | Numeric Errors |
| 6% (1) | CWE-20 | Improper Input Validation |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:221 | Microsoft XML Core Services Vulnerability |
| oval:org.mitre.oval:def:285 | XSLT Buffer Overrun Vulnerability |
| oval:org.mitre.oval:def:104 | Microsoft XML Core Services Vulnerability |
| oval:org.mitre.oval:def:5793 | MSXML Memory Corruption Vulnerability |
| oval:org.mitre.oval:def:2069 | Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution |
| oval:org.mitre.oval:def:5847 | MSXML Header Request Vulnerability |
| oval:org.mitre.oval:def:11730 | Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability |
| oval:org.mitre.oval:def:15195 | MSXML Uninitialized Memory Corruption Vulnerability - MS12-043 |
| oval:org.mitre.oval:def:16429 | MSXML Integer Truncation Vulnerability - MS13-002 |
| oval:org.mitre.oval:def:15458 | MSXML XSLT Vulnerability - MS13-002 |
| oval:org.mitre.oval:def:24963 | Vulnerability in Microsoft XML Core Services could allow information disclosu... |
| oval:org.mitre.oval:def:29009 | MSXML3 same origin policy SFB vulnerability - CVE-2015-1646 (MS15-039) |
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft XMLHTTP ActiveX control setRequestHeader vulnerability | More info here |
| Microsoft XML Core Services memory corruption | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 66973 | Microsoft XML Core Services Msxml2.XMLHTTP.3.0 ActiveX HTTP Response Handling... |
| 56438 | Microsoft XML Core Services Set-Cookie HTTP Response Header Restriction Weakness |
| 50279 | Microsoft XML Core Services HTTP Request Header Field Cross-domain Session St... |
| 36394 | Microsoft XML Core Services (MSXML) Multiple Object Handling Overflow |
| 32627 | Microsoft IE msxml3 Module Nested Tag Race Condition DoS |
| 30208 | Microsoft XMLHTTP ActiveX Control setRequestHeader Method Arbitrary Code Exec... |
| 29426 | Microsoft XML Core Services XSLT Processing Overflow |
| 29425 | Microsoft XML Core Services XMLHTTP ActiveX Control Server-side Redirect Info... |
| 3032 | Microsoft IE XMLHTTP Control Arbitrary Remote File Access |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-06-14 | Name : Microsoft XML Core Services Remote Code Execution Vulnerability (2719615) File : nvt/gb_ms_xml_core_services_code_exec_vuln.nasl |
| 2011-01-14 | Name : Microsoft XML Core Services Remote Code Execution Vulnerability (936227) File : nvt/gb_ms07-042.nasl |
| 2010-08-11 | Name : Microsoft Windows LSASS Denial of Service Vulnerability (975467) File : nvt/secpod_ms10-051.nasl |
| 2009-02-18 | Name : Microsoft XML Core Service Information Disclosure Vulnerability File : nvt/secpod_ms_xml_core_svc_info_disc_vuln.nasl |
| 2008-11-12 | Name : Microsoft XML Core Services Remote Code Execution Vulnerability (955218) File : nvt/secpod_ms08-069_900058.nasl |
| 2005-11-03 | Name : XML Core Services patch (Q318203) File : nvt/smb_nt_ms02-008.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-B-0098 | Multiple Vulnerabilities in Microsoft XML Core Services (MS15-084) Severity: Category II - VMSKEY: V0061289 |
| 2014-B-0075 | Microsoft XML Core Services Information Disclosure Vulnerability Severity: Category I - VMSKEY: V0052481 |
| 2013-A-0004 | Multiple Vulnerabilities in Microsoft XML Core Services Severity: Category I - VMSKEY: V0036444 |
| 2008-A-0084 | Multiple Vulnerabilities in Microsoft XML Core Services Severity: Category II - VMSKEY: V0017877 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | XMLHTTP 4.0 ActiveX clsid unicode access RuleID : 8728 - Type : WEB-ACTIVEX - Revision : 8 |
| 2014-01-10 | Microsoft Internet Explorer XMLHTTP 4.0 ActiveX clsid access RuleID : 8727 - Type : BROWSER-PLUGINS - Revision : 17 |
| 2014-01-10 | ActiveX clsid unicode access RuleID : 8406 - Type : WEB-ACTIVEX - Revision : 7 |
| 2014-01-10 | Microsoft Internet Explorer ActiveX clsid access RuleID : 8405 - Type : BROWSER-PLUGINS - Revision : 13 |
| 2019-09-17 | Microsoft XML core services cross-domain information disclosure attempt RuleID : 51038 - Type : BROWSER-IE - Revision : 1 |
| 2019-05-24 | Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 49932 - Type : BROWSER-PLUGINS - Revision : 1 |
| 2019-05-24 | Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 49931 - Type : BROWSER-PLUGINS - Revision : 1 |
| 2019-05-24 | Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 49930 - Type : BROWSER-PLUGINS - Revision : 1 |
| 2019-05-24 | Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 49929 - Type : BROWSER-PLUGINS - Revision : 1 |
| 2016-05-12 | Microsoft XML Core Services ActiveX control use after free attempt RuleID : 38464 - Type : BROWSER-PLUGINS - Revision : 2 |
| 2016-05-12 | Microsoft XML Core Services ActiveX control use after free attempt RuleID : 38463 - Type : BROWSER-PLUGINS - Revision : 2 |
| 2015-05-14 | Multiple products external entity injection attempt RuleID : 34098 - Type : FILE-OTHER - Revision : 6 |
| 2015-05-14 | Multiple products external entity injection attempt RuleID : 34097 - Type : FILE-OTHER - Revision : 6 |
| 2015-04-14 | Microsoft XML Core Services MIME Viewer memory corruption attempt RuleID : 33829 - Type : OS-WINDOWS - Revision : 2 |
| 2015-04-14 | Microsoft XML Core Services MIME Viewer memory corruption attempt RuleID : 33828 - Type : OS-WINDOWS - Revision : 2 |
| 2015-04-14 | Microsoft XML Core Services MIME Viewer memory corruption attempt RuleID : 33827 - Type : OS-WINDOWS - Revision : 2 |
| 2014-01-10 | overly large XML file MSXML heap overflow attempt RuleID : 28286 - Type : FILE-OTHER - Revision : 3 |
| 2014-01-10 | Multiple exploit kit Payload detection - readme.dll RuleID : 27898 - Type : EXPLOIT-KIT - Revision : 2 |
| 2014-01-10 | Multiple exploit kit Payload detection - calc.dll RuleID : 27897 - Type : EXPLOIT-KIT - Revision : 2 |
| 2014-01-10 | Multiple exploit kit Payload detection - contacts.dll RuleID : 27896 - Type : EXPLOIT-KIT - Revision : 2 |
| 2014-01-10 | Multiple exploit kit Payload detection - info.dll RuleID : 27895 - Type : EXPLOIT-KIT - Revision : 2 |
| 2014-01-10 | Multiple exploit kit Payload detection - about.dll RuleID : 27894 - Type : EXPLOIT-KIT - Revision : 2 |
| 2014-01-10 | Blackholev2/Darkleech exploit kit landing page request RuleID : 27865-community - Type : EXPLOIT-KIT - Revision : 7 |
| 2014-01-10 | Blackholev2/Darkleech exploit kit landing page request RuleID : 27865 - Type : EXPLOIT-KIT - Revision : 7 |
| 2014-01-10 | Gong Da exploit kit possible jar download RuleID : 27706 - Type : EXPLOIT-KIT - Revision : 3 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2016-04-12 | Name: The remote host is affected by a remote code execution vulnerability. File: smb_nt_ms16-040.nasl - Type: ACT_GATHER_INFO |
| 2015-08-11 | Name: The remote host is affected by multiple information disclosure vulnerabilities. File: smb_nt_ms15-084.nasl - Type: ACT_GATHER_INFO |
| 2015-04-14 | Name: The remote host is affected by a security bypass vulnerability. File: smb_nt_ms15-039.nasl - Type: ACT_GATHER_INFO |
| 2014-06-11 | Name: The remote host is affected by an information disclosure vulnerability. File: smb_nt_ms14-033.nasl - Type: ACT_GATHER_INFO |
| 2013-01-09 | Name: Arbitrary code can be executed on the remote host through Microsoft XML Core ... File: smb_nt_ms13-002.nasl - Type: ACT_GATHER_INFO |
| 2012-07-11 | Name: Arbitrary code can be executed on the remote host through Microsoft XML Core ... File: smb_nt_ms12-043.nasl - Type: ACT_GATHER_INFO |
| 2010-08-11 | Name: Arbitrary code can be executed on the remote host through its Microsoft XML C... File: smb_nt_ms10-051.nasl - Type: ACT_GATHER_INFO |
| 2008-11-12 | Name: Arbitrary code can be executed on the remote host through the web or email cl... File: smb_nt_ms08-069.nasl - Type: ACT_GATHER_INFO |
| 2007-08-14 | Name: Arbitrary code can be executed on the remote host through the web or email cl... File: smb_nt_ms07-042.nasl - Type: ACT_GATHER_INFO |
| 2006-11-14 | Name: Arbitrary code can be executed on the remote host through the web or email cl... File: smb_nt_ms06-071.nasl - Type: ACT_GATHER_INFO |
| 2006-10-10 | Name: Arbitrary code can be executed on the remote host through the web or email cl... File: smb_nt_ms06-061.nasl - Type: ACT_GATHER_INFO |
| 2002-02-24 | Name: Local files can be retrieved through the web client. File: smb_nt_ms02-008.nasl - Type: ACT_GATHER_INFO |
| 2002-02-13 | Name: Arbitrary code can be executed on the remote host through the web client. File: smb_nt_ms02-005.nasl - Type: ACT_GATHER_INFO |
