The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 up to and including 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted malicious users to access content from other domains.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft xml core services 4.0 |
||
microsoft xml core services 6.0 |
||
microsoft xml parser 2.6 |
||
microsoft xml core services 3.0 |