Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): MSXML
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-1060 |
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. Published: October 10, 2019; 10:15:14 AM -0400 |
V3.1: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2019-1057 |
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. Published: August 14, 2019; 5:15:13 PM -0400 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2019-0795 |
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793. Published: April 09, 2019; 5:29:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2019-0793 |
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0795. Published: April 09, 2019; 5:29:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2019-0792 |
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0793, CVE-2019-0795. Published: April 09, 2019; 5:29:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2019-0791 |
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795. Published: April 09, 2019; 5:29:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2019-0790 |
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795. Published: April 09, 2019; 5:29:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2019-0756 |
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. Published: April 08, 2019; 10:29:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2018-8494 |
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. Published: October 10, 2018; 9:29:04 AM -0400 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2018-8420 |
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. Published: September 12, 2018; 8:29:02 PM -0400 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2018-8714 |
Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries. Published: May 17, 2018; 3:29:00 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 3.6 LOW |
CVE-2015-1646 |
Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability." Published: April 14, 2015; 4:59:09 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-4118 |
XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (system-state corruption) via crafted XML content, aka "MSXML Remote Code Execution Vulnerability." Published: November 11, 2014; 5:55:04 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2014-1816 |
Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote attackers to discover (1) full pathnames on the client system and (2) local usernames embedded in these pathnames via a crafted web site, aka "MSXML Entity URI Vulnerability." Published: June 11, 2014; 12:56:18 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-0007 |
Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability." Published: January 09, 2013; 1:09:40 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0006 |
Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability." Published: January 09, 2013; 1:09:40 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-2423 |
The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, provide different responses to remote requests depending on whether a ZIP pathname is valid, which allows remote attackers to obtain potentially sensitive information about the installation path and product version via a series of requests involving the Msxml2.XMLHTTP object. Published: April 25, 2012; 4:55:01 PM -0400 |
V3.x:(not available) V2.0: 1.8 LOW |
CVE-2011-1713 |
Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: this might overlap CVE-2011-1202. Published: April 15, 2011; 4:55:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-2561 |
Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability." Published: August 11, 2010; 2:47:51 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2007-6502 |
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using Microsoft.XMLHTTP or MSXML2.XMLHTTP objects, which trigger a response with the setup directory pathname in the HTML source; and (3) might allow remote attackers to obtain sensitive information via a request for /admin/forum/, which reveals the path in an error message when a forum is not found. Published: December 20, 2007; 3:46:00 PM -0500 |
V3.x:(not available) V2.0: 5.5 MEDIUM |