Microsoft Xml Core Services — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Xml Core Services, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2010-2561 — CVSS 9.3 (critical): Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary…
CVE-2007-0099 — CVSS 9.3 (critical): Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows…
CVE-2007-2223 — CVSS 9.3 (critical): Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1)…
CVE-2013-0007 — CVSS 9.3 (critical): Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute…
CVE-2013-0006 — CVSS 8.8 (high): Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute…
CVE-2016-0147 — CVSS 8.8 (high): Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code…
CVE-2006-5745 — CVSS 7.6 (high): Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0…
CVE-2006-4686 — CVSS 7.5 (high): Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services…
CVE-2009-0419 — CVSS 5.0 (medium): Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly…
CVE-2002-0057 — CVSS 5.0 (medium): XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote…
CVE-2015-2440 — CVSS 4.3 (medium): Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka…
CVE-2015-1646 — CVSS 4.3 (medium): Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a…
CVE-2015-2434 — CVSS 4.3 (medium): Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection…
CVE-2014-1816 — CVSS 4.3 (medium): Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a…
CVE-2015-2471 — CVSS 4.3 (medium): Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic…
CVE-2008-4033 — CVSS 4.3 (medium): Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer…
CVE-2006-4685 — CVSS 2.6 (low): The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side…