Vulnerabilities > Microsoft > XML Core Services > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-04-12 | CVE-2016-0147 | Improper Input Validation vulnerability in Microsoft XML Core Services 3.0 Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability." | 9.3 |
2010-08-11 | CVE-2010-2561 | Code Injection vulnerability in Microsoft XML Core Services 3.0 Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability." | 9.3 |
2007-08-14 | CVE-2007-2223 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft XML Core Services Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow. | 9.3 |
2007-01-08 | CVE-2007-0099 | Race Condition vulnerability in Microsoft Internet Explorer and XML Core Services Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability." | 9.3 |