Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft xml core services 4.0 vulnerabilities and exploits
(subscribe to this query)
937
VMScore
CVE-2012-1889
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Microsoft Xml Core Services 3.0
Microsoft Xml Core Services 4.0
Microsoft Xml Core Services 6.0
Microsoft Xml Core Services 5.0
1 EDB exploit
6 Github repositories
1 Article
935
VMScore
CVE-2007-2223
Microsoft XML Core Services (MSXML) 3.0 up to and including 6.0 allows remote malicious users to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.
Microsoft Xml Core Services 3.0
Microsoft Xml Core Services 6.0
Microsoft Xml Core Services 4.0
Microsoft Xml Core Services 5.0
1 EDB exploit
829
VMScore
CVE-2013-0007
Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote malicious users to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."
Microsoft Xml Core Services 3.0
Microsoft Xml Core Services 4.0
Microsoft Xml Core Services 6.0
Microsoft Windows 7 -
Microsoft Windows 8 -
Microsoft Windows Server 2003
Microsoft Windows Server 2008 -
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 -
Microsoft Windows Vista
Microsoft Windows Xp -
Microsoft Windows Rt -
Microsoft Windows Server 2008
Microsoft Windows Xp
Microsoft Xml Core Services 5.0
Microsoft Expression Web
Microsoft Expression Web 2
Microsoft Groove Server 2007
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office Compatibility Pack
Microsoft Sharepoint Server 2007
828
VMScore
CVE-2013-0006
Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote malicious users to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."
Microsoft Xml Core Services 3.0
Microsoft Xml Core Services 4.0
Microsoft Xml Core Services 6.0
Microsoft Windows 7 -
Microsoft Windows 8 -
Microsoft Windows Server 2003
Microsoft Windows Server 2008 -
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 -
Microsoft Windows Vista
Microsoft Windows Xp -
Microsoft Windows Rt -
Microsoft Windows Server 2008
Microsoft Windows Xp
Microsoft Xml Core Services 5.0
Microsoft Expression Web
Microsoft Expression Web 2
Microsoft Groove Server 2007
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office Compatibility Pack
Microsoft Sharepoint Server 2007
780
VMScore
CVE-2006-5745
Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote malicious users to execute arbitrary code via crafted arguments that lead to mem...
Microsoft Xml Core Services 4.0
4 EDB exploits
668
VMScore
CVE-2006-4686
Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 up to and including 6.0 allows remote malicious users to execute arbitrary code via a crafted Web page.
Microsoft Xml Core Services 3.0
Microsoft Xml Core Services 4.0
Microsoft Xml Core Services 6.0
Microsoft Xml Parser 2.6
445
VMScore
CVE-2002-0057
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote malicious users to read arbitrary files by specifying a local file as an XML Data Source.
Microsoft Sql Server 2000
Microsoft Internet Explorer 6.0
Microsoft Xml Core Services 3.0
Microsoft Xml Core Services 4.0
Microsoft Xml Core Services 2.6
Microsoft Windows Xp
435
VMScore
CVE-2008-4029
Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote malicious users to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs, aka "MSXML D...
Microsoft Internet Explorer
1 EDB exploit
435
VMScore
CVE-2008-4033
Cross-domain vulnerability in Microsoft XML Core Services 3.0 up to and including 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote malicious users to obtain sensitive information from another domain and corrupt the session sta...
Microsoft Xml Core Services 4.0
Microsoft Xml Core Services 3.0
Microsoft Xml Core Services 6.0
Microsoft Xml Core Services 5.0
1 EDB exploit
428
VMScore
CVE-2019-11358
jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Jquery Jquery
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Drupal Drupal
Backdropcms Backdrop
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Netapp Snapcenter -
Netapp Oncommand System Manager
Redhat Cloudforms 4.7
Redhat Virtualization Manager 4.3
Oracle Service Bus 12.1.3.0.0
Oracle Primavera Unifier 16.2
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Weblogic Server 12.1.3.0.0
Oracle Service Bus 11.1.1.9.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Primavera Unifier 16.1
150 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »