Microsoft xml_core_services 5.0

CPE Details

Microsoft xml_core_services 5.0
microsoft
xml_core_services
5.0
2009-01-30
17h20 +00:00
2009-01-30
17h20 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:microsoft:xml_core_services:5.0:*:*:*:*:*:*:*

Informations

Vendor

microsoft

Product

xml_core_services

Version

5.0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2015-2434 2015-08-14 22h00 +00:00 Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2471.
4.3
CVE-2015-2440 2015-08-14 22h00 +00:00 Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "MSXML Information Disclosure Vulnerability."
4.3
CVE-2015-2471 2015-08-14 22h00 +00:00 Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2434.
4.3
CVE-2013-0006 2013-01-09 17h00 +00:00 Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."
8.8
Haute
CVE-2013-0007 2013-01-09 17h00 +00:00 Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."
9.3
CVE-2012-1889 2012-06-13 01h00 +00:00 Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
8.8
Haute
CVE-2009-0419 2009-02-04 18h00 +00:00 Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-4033.
5
CVE-2008-4033 2008-11-12 22h00 +00:00 Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
4.3
CVE-2007-2223 2007-08-14 19h00 +00:00 Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.
9.3