Microsoft XML Core Services (MSXML) 3.0 up to and including 6.0 allows remote malicious users to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft xml_core_services 3.0 |
||
microsoft xml_core_services 6.0 |
||
microsoft xml_core_services 4.0 |
||
microsoft xml_core_services 5.0 |